CVE-2022-0669
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
29/08/2022
Last modified:
01/09/2022
Description
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 20.02 (including) | 22.03 (excluding) |
| cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page