CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199
The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products.
This vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when processing traffic and results in a denial-of-service (DoS) to the network interface.
Palo Alto Networks VM-Series (virtual) firewalls that have an enabled NVIDIA network interface card use the affected NVIDIA DPDK module on PAN-OS 10.1 and later versions of PAN-OS software but there are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software. As a result, this vulnerability has no security impact on these firewalls.
This issue does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.
To reiterate, there is no known security impact for this vulnerability in PAN-OS software.
|Prisma Access 3.1||None||all|
|Prisma Access 3.0||None||all|
|Prisma Access 2.2||None||all|
|Prisma Access 2.1||None||all|
CVSSv3.1 Base Score:0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)
Palo Alto Networks is not aware of any malicious exploitation of this issue.
CWE-20 Improper Input Validation
No product updates are required for Palo Alto Networks products at this time.
Frequently Asked Questions
Q. I received a notification from Microsoft about CVE-2022-28199. Is my PAN-OS firewall deployed in Microsoft Azure vulnerable?
No, even though Microsoft Azure deployments of Palo Alto Networks PAN-OS firewalls can use the affected NVIDIA DPDK module they are not impacted by this vulnerability. There are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software.