CVE-2022-0669

2022-08-2915:15:09

CWE-400

[email protected]

web.nvd.nist.gov

cve-2022-0669

dpdk

vhost-user

denial of service

security flaw

nvd

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.3%

JSON

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

Affected configurations

Vulners

NVD

Node

dpdkdpdkRange≤19.11

dpdkdpdkRange≤22.03

VendorProductVersionCPE
dpdkdpdk*cpe:2.3:o:dpdk:dpdk:*:*:*:*:*:*:*:*
dpdkdpdk*cpe:2.3:o:dpdk:dpdk:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dpdk	dpdk	*	cpe:2.3:o:dpdk:dpdk::::::::
dpdk	dpdk	*	cpe:2.3:o:dpdk:dpdk::::::::

CNA Affected

[
  {
    "product": "DPDK",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
      }
    ]
  }
]