A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-0669 | Third Party Advisory |
https://bugs.dpdk.org/show_bug.cgi?id=922 | Patch Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | Issue Tracking Patch Third Party Advisory |
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 | Patch Third Party Advisory |
https://security-tracker.debian.org/tracker/CVE-2022-0669 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
01 Sep 2022, 20:35
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-0669 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2055793 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 - Patch, Third Party Advisory | |
References | (MISC) https://security-tracker.debian.org/tracker/CVE-2022-0669 - Patch, Third Party Advisory | |
References | (MISC) https://bugs.dpdk.org/show_bug.cgi?id=922 - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:* cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:* |
|
First Time |
Dpdk
Redhat Redhat openshift Container Platform Openvswitch Dpdk data Plane Development Kit Openvswitch openvswitch |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CWE | NVD-CWE-noinfo |
29 Aug 2022, 15:48
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-29 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-0669
Mitre link : CVE-2022-0669
CVE.ORG link : CVE-2022-0669
JSON object : View
Products Affected
dpdk
- data_plane_development_kit
redhat
- openshift_container_platform
openvswitch
- openvswitch
CWE