2 files changed, 44 insertions, 0 deletions
diff --git a/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
new file mode 100644
index 0000000..ea80403
--- /dev/null
+++ b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
@@ -0,0 +1,43 @@
+From 4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Mon Sep 17 00:00:00 2001
+From: Olivier Matz <olivier.matz@6wind.com>
+Date: Thu, 28 Nov 2024 12:09:56 +0100
+Subject: [PATCH] net/virtio: fix Rx checksum calculation
+If hdr->csum_start is larger than packet length, the len argument passed
+to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
+Ignore checksum computation in this case.
+CVE-2024-11614
+Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
+Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
+Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
+Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+CVE: CVE-2024-11614
+Upstream-Status: Backport [https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ lib/vhost/virtio_net.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
+index fa0779d03d..038ac6a774 100644
+--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
+@@ -2261,6 +2261,9 @@ vhost_dequeue_offload(struct virtio_net_hdr *hdr, struct rte_mbuf *m,
+                         */
+                        uint16_t csum = 0, off;
+                       if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+                               return;
+
+                        if (rte_raw_cksum_mbuf(m, hdr->csum_start,
+                                        rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
+                                return;
+--
+2.40.0
diff --git a/recipes-extended/dpdk/dpdk_21.11.7.bb b/recipes-extended/dpdk/dpdk_21.11.7.bb
index 848a4b2..1e20e39 100644
--- a/recipes-extended/dpdk/dpdk_21.11.7.bb
+++ b/recipes-extended/dpdk/dpdk_21.11.7.bb
@@ -2,6 +2,7 @@ include dpdk.inc
 SRC_URI += " \
            file://0001-meson.build-march-and-mcpu-already-passed-by-Yocto-21.11.patch \
+            file://CVE-2024-11614.patch \
 "
 STABLE = "-stable"

diff --git a/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch new file mode 100644 index 0000000..ea80403 --- /dev/null +++ b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
@@ -0,0 +1,43 @@
		1	From 4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Mon Sep 17 00:00:00 2001
		2	From: Olivier Matz <olivier.matz@6wind.com>
		3	Date: Thu, 28 Nov 2024 12:09:56 +0100
		4	Subject: [PATCH] net/virtio: fix Rx checksum calculation
		5
		6	If hdr->csum_start is larger than packet length, the len argument passed
		7	to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
		8
		9	Ignore checksum computation in this case.
		10
		11	CVE-2024-11614
		12
		13	Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
		14
		15	Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
		16	Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
		17	Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
		18
		19	CVE: CVE-2024-11614
		20
		21	Upstream-Status: Backport [https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e]
		22
		23	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		24	---
		25	lib/vhost/virtio_net.c \| 3 +++
		26	1 file changed, 3 insertions(+)
		27
		28	diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
		29	index fa0779d03d..038ac6a774 100644
		30	--- a/lib/vhost/virtio_net.c
		31	+++ b/lib/vhost/virtio_net.c
		32	@@ -2261,6 +2261,9 @@ vhost_dequeue_offload(struct virtio_net_hdr hdr, struct rte_mbuf m,
		33	*/
		34	uint16_t csum = 0, off;
		35
		36	+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
		37	+ return;
		38	+
		39	if (rte_raw_cksum_mbuf(m, hdr->csum_start,
		40	rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
		41	return;
		42	--
		43	2.40.0


diff --git a/recipes-extended/dpdk/dpdk_21.11.7.bb b/recipes-extended/dpdk/dpdk_21.11.7.bb index 848a4b2..1e20e39 100644 --- a/recipes-extended/dpdk/dpdk_21.11.7.bb +++ b/recipes-extended/dpdk/dpdk_21.11.7.bb
@@ -2,6 +2,7 @@ include dpdk.inc
2		2
3	SRC_URI += " \	3	SRC_URI += " \
4	file://0001-meson.build-march-and-mcpu-already-passed-by-Yocto-21.11.patch \	4	file://0001-meson.build-march-and-mcpu-already-passed-by-Yocto-21.11.patch \
		5	file://CVE-2024-11614.patch \
5	"	6	"
6		7
7	STABLE = "-stable"	8	STABLE = "-stable"