CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199

Informational

CVE JSON CSAF

Published 2022-09-14

Updated 2022-09-14

Reference PAN-201578

Discovered externally

Description

The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products.

This vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when processing traffic and results in a denial-of-service (DoS) to the network interface.

Palo Alto Networks VM-Series (virtual) firewalls that have an enabled NVIDIA network interface card use the affected NVIDIA DPDK module on PAN-OS 10.1 and later versions of PAN-OS software but there are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software. As a result, this vulnerability has no security impact on these firewalls.

This issue does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.

To reiterate, there is no known security impact for this vulnerability in PAN-OS software.

Product Status

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-20 Improper Input Validation

Solution

No product updates are required for Palo Alto Networks products at this time.

Frequently Asked Questions

Q. I received a notification from Microsoft about CVE-2022-28199. Is my PAN-OS firewall deployed in Microsoft Azure vulnerable?

No, even though Microsoft Azure deployments of Palo Alto Networks PAN-OS firewalls can use the affected NVIDIA DPDK module they are not impacted by this vulnerability. There are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software.

Timeline