DPDK announcements
 help / color / mirror / Atom feed
* CVE-2022-0669 Release Notice
@ 2022-05-05  1:46 Jiang, Cheng1
  0 siblings, 0 replies; only message in thread
From: Jiang, Cheng1 @ 2022-05-05  1:46 UTC (permalink / raw)
  To: announce

[-- Attachment #1: Type: text/plain, Size: 781 bytes --]

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

It's an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.

Commits: af74f7db384e on the main branch

CVE: CVE-2022-0669
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=922
Severity: 6.5 (Medium)
CVSS scores: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H


[-- Attachment #2: Type: text/html, Size: 2990 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-05-09 17:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-05  1:46 CVE-2022-0669 Release Notice Jiang, Cheng1

DPDK announcements

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/announce/0 announce/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 announce announce/ http://inbox.dpdk.org/announce \
		announce@dpdk.org
	public-inbox-index announce

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.announce


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git