DPDK announcements
 help / color / mirror / Atom feed
From: "Jiang, Cheng1" <cheng1.jiang@intel.com>
To: "announce@dpdk.org" <announce@dpdk.org>
Subject: CVE-2021-3839 Release Notice
Date: Thu, 5 May 2022 01:42:06 +0000	[thread overview]
Message-ID: <SJ0PR11MB500667250EAC958D15489AFFDCC29@SJ0PR11MB5006.namprd11.prod.outlook.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 557 bytes --]

A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

In DPDK Vhost communication, we didn't test if msg->payload.inflight.num_queues is out of bounds in function 'vhost_user_set_inflight_fd()', and could cause the program to write OOB.

Commits: 6442c329b9d2 on the main branch

CVE: CVE-2021-3839
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=657
Severity: 5.2 (Medium)
CVSS scores: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

[-- Attachment #2: Type: text/html, Size: 2809 bytes --]

                 reply	other threads:[~2022-05-09 17:51 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=SJ0PR11MB500667250EAC958D15489AFFDCC29@SJ0PR11MB5006.namprd11.prod.outlook.com \
    --to=cheng1.jiang@intel.com \
    --cc=announce@dpdk.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).