[nsp-sec] DPDK/ Hauwei (CN) DPDK security concerns
John Schiel
jschiel at flowtools.net
Fri Aug 14 10:54:42 EDT 2020
Sorry for cross-posting.
I have a co-worker who's raising some concerns regarding potential code changes to drivers and the linux kernel which could allow side channel attacks of network traffic. His references so far seem to have been debunked a bit but he's adamant something nefarious could be going on with the code around DPDK.
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
https://www.zdnet.com/article/huawei-denies-involvement-in-buggy-linux-kernel-patch-proposal/
https://www.fiercetelecom.com/telecom/huawei-introduces-dual-modes-multi-protocols-multi-instances-dmm-container-project
There is some 2 year old DMM code from Hauwei but not sure if or where it might be used.https://github.com/Huawei/DMM. The gerrit link from fd.io for DMM code goes 404.https://gerrit.fd.io/r/dmm
The Fast Data Project (FD.io) Universal Dataplane is a collaborative open source project that aims to significantly establish a high-performance IO services framework for dynamic computing environments.
TL;DR
Is or has anyone else been looking into any security concerns with CN or other nation states contributing driver or kernel code which could allow side channel attacks and/or other shenanigans?
One point postulated is that Huawei removed some error handling code tied to certain CVEs.
It's not just code review but an overall look at efforts by a nation state to be able to get into the network stream and see the traffic in the network?
I can't fully discount his claims yet and from what I see so far, there are people/controls in place to at least look at code submitted to repos such as the kernel or fd.io that should catch bad/questionable code but I just don't know if someone is taking a holistic view of code changes to determine if there are vulnerabilities.
--John Schiel
More information about the nsp-security
mailing list