CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS
Percentile
14.2%
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
Vendor | Product | Version | CPE |
---|---|---|---|
dpdk | data_plane_development_kit | * | cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 19.11 | cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 19.11 | cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 19.11 | cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 19.11 | cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 19.11 | cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 22.03 | cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 22.03 | cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:* |
dpdk | data_plane_development_kit | 22.03 | cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:* |
openvswitch | openvswitch | 2.13.0 | cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:* |