Back to search
CVE-2022-0669
Published: Aug 29, 2022
Modified: Aug 2, 2024
PUBLISHED
Description
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
| Vendor | Product | Versions |
|---|---|---|
n/a | DPDK | affected Affects v19.11-rc1 and later, Fixed in v22.03-rc4. |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=2055793
x_refsource_MISC
https://bugs.dpdk.org/show_bug.cgi?id=922
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-0669
x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2022-0669
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now