2 files changed, 47 insertions, 1 deletions
diff --git a/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
new file mode 100644
index 0000000..1cf5507
--- /dev/null
+++ b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
@@ -0,0 +1,44 @@
+From 4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Mon Sep 17 00:00:00 2001
+From: Olivier Matz <olivier.matz@6wind.com>
+Date: Thu, 28 Nov 2024 12:09:56 +0100
+Subject: [PATCH] net/virtio: fix Rx checksum calculation
+If hdr->csum_start is larger than packet length, the len argument passed
+to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
+Ignore checksum computation in this case.
+CVE-2024-11614
+Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
+Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
+Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
+Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
+CVE: CVE-2024-11614
+Upstream-Status: Backport [https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ lib/vhost/virtio_net.c | 3 +++
+ 1 file changed, 3 insertions(+)
+diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
+index 895a79cf51..058b5842f2 100644
+--- a/lib/vhost/virtio_net.c
+++ b/lib/vhost/virtio_net.c
+@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
+                         */
+                        uint16_t csum = 0, off;
+ 
+                       if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
+                               return;
+
+                        if (rte_raw_cksum_mbuf(m, hdr->csum_start,
+                                        rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
+                                return;
+-- 
+2.40.0
diff --git a/recipes-extended/dpdk/dpdk_23.11.1.bb b/recipes-extended/dpdk/dpdk_23.11.1.bb
index e7a0a23..4c6d234 100644
--- a/recipes-extended/dpdk/dpdk_23.11.1.bb
+++ b/recipes-extended/dpdk/dpdk_23.11.1.bb
@@ -1,6 +1,8 @@
 include dpdk.inc
-SRC_URI += " file://0001-config-meson-get-cpu_instruction_set-from-meson-opti.patch "
+SRC_URI += " file://0001-config-meson-get-cpu_instruction_set-from-meson-opti.patch \
+             file://CVE-2024-11614.patch \
+           "
 STABLE = "-stable"
 BRANCH = "23.11"

diff --git a/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch new file mode 100644 index 0000000..1cf5507 --- /dev/null +++ b/recipes-extended/dpdk/dpdk/CVE-2024-11614.patch
@@ -0,0 +1,44 @@
		1	From 4dc4e33ffa108e945fc8a1e2bbc7819791faa61e Mon Sep 17 00:00:00 2001
		2	From: Olivier Matz <olivier.matz@6wind.com>
		3	Date: Thu, 28 Nov 2024 12:09:56 +0100
		4	Subject: [PATCH] net/virtio: fix Rx checksum calculation
		5
		6	If hdr->csum_start is larger than packet length, the len argument passed
		7	to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
		8
		9	Ignore checksum computation in this case.
		10
		11	CVE-2024-11614
		12
		13	Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
		14
		15	Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
		16	Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
		17	Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
		18
		19	CVE: CVE-2024-11614
		20
		21	Upstream-Status: Backport [https://git.dpdk.org/dpdk/commit/?id=4dc4e33ffa108e945fc8a1e2bbc7819791faa61e]
		22
		23	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		24	---
		25	lib/vhost/virtio_net.c \| 3 +++
		26	1 file changed, 3 insertions(+)
		27
		28	diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
		29	index 895a79cf51..058b5842f2 100644
		30	--- a/lib/vhost/virtio_net.c
		31	+++ b/lib/vhost/virtio_net.c
		32	@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net dev, struct virtio_net_hdr hdr,
		33	*/
		34	uint16_t csum = 0, off;
		35
		36	+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
		37	+ return;
		38	+
		39	if (rte_raw_cksum_mbuf(m, hdr->csum_start,
		40	rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
		41	return;
		42	--
		43	2.40.0
		44


diff --git a/recipes-extended/dpdk/dpdk_23.11.1.bb b/recipes-extended/dpdk/dpdk_23.11.1.bb index e7a0a23..4c6d234 100644 --- a/recipes-extended/dpdk/dpdk_23.11.1.bb +++ b/recipes-extended/dpdk/dpdk_23.11.1.bb
@@ -1,6 +1,8 @@
1	include dpdk.inc	1	include dpdk.inc
2		2
3	SRC_URI += " file://0001-config-meson-get-cpu_instruction_set-from-meson-opti.patch "	3	SRC_URI += " file://0001-config-meson-get-cpu_instruction_set-from-meson-opti.patch \
		4	file://CVE-2024-11614.patch \
		5	"
4		6
5	STABLE = "-stable"	7	STABLE = "-stable"
6	BRANCH = "23.11"	8	BRANCH = "23.11"