CVE-2022-28199 Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199

Description

The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit (DPDK) vulnerability (CVE-2022-28199) as it relates to our products.

This vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when processing traffic and results in a denial-of-service (DoS) to the network interface.

Palo Alto Networks VM-Series (virtual) firewalls that have an enabled NVIDIA network interface card use the affected NVIDIA DPDK module on PAN-OS 10.1 and later versions of PAN-OS software but there are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software. As a result, this vulnerability has no security impact on these firewalls.

This issue does not impact Palo Alto Networks PA-Series (hardware) firewalls, VM-Series (virtual) firewalls, CN-Series (container) firewalls, Panorama virtual appliances, Panorama M-Series appliances, Cloud NGFW customers, or Prisma Access customers.

To reiterate, there is no known security impact for this vulnerability in PAN-OS software.

Product Status

Severity: NONE

CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Weakness Type

CWE-20 Improper Input Validation

Solution

No product updates are required for Palo Alto Networks products at this time.

Frequently Asked Questions

Q.I received a notification from Microsoft about CVE-2022-28199. Is my PAN-OS firewall deployed in Microsoft Azure vulnerable?

No, even though Microsoft Azure deployments of Palo Alto Networks PAN-OS firewalls can use the affected NVIDIA DPDK module they are not impacted by this vulnerability. There are no scenarios that enable successful exploitation of this vulnerability in PAN-OS software.

Timeline