Palo Alto Networks Security Advisories / CVE-2022-28199

CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199

047910
Severity 0 · NONE
Attack Vector Not applicable
Scope Not applicable
Attack Complexity Not applicable
Confidentiality Impact NONE
Privileges Required Not applicable
Integrity Impact NONE
User Interaction Not applicable
Availability Impact NONE

Description

The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products.

This vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when processing traffic and results in a denial-of-service (DoS) to the network interface.

Palo Alto Networks VM-Series (virtual) firewalls that have an enabled NVIDIA network interface card use the affected NVIDIA DPDK module on PAN-OS 10.1 and later versions of PAN-OS software but there are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software. As a result, this vulnerability has no security impact on these firewalls.

This issue does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.

To reiterate, there is no known security impact for this vulnerability in PAN-OS software.

Product Status

VersionsAffectedUnaffected
Cloud NGFW Noneall
PAN-OS 10.2Noneall
PAN-OS 10.1Noneall
PAN-OS 10.0Noneall
PAN-OS 9.1Noneall
PAN-OS 9.0Noneall
PAN-OS 8.1Noneall
Prisma Access 3.1Noneall
Prisma Access 3.0Noneall
Prisma Access 2.2Noneall
Prisma Access 2.1Noneall

Severity:NONE

CVSSv3.1 Base Score:0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-20 Improper Input Validation

Solution

No product updates are required for Palo Alto Networks products at this time.

Frequently Asked Questions

Q. I received a notification from Microsoft about CVE-2022-28199. Is my PAN-OS firewall deployed in Microsoft Azure vulnerable?

No, even though Microsoft Azure deployments of Palo Alto Networks PAN-OS firewalls can use the affected NVIDIA DPDK module they are not impacted by this vulnerability. There are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software.

Timeline

Initial publication
© 2022 Palo Alto Networks, Inc. All rights reserved.