Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
data plane development kit vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-0669
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously,...
Dpdk Data Plane Development Kit 22.03
Dpdk Data Plane Development Kit 19.11
Dpdk Data Plane Development Kit
Openvswitch Openvswitch 2.15.0
Openvswitch Openvswitch 2.13.0
Redhat Openshift Container Platform 4.0
1 Github repository
7.5
CVSSv3
CVE-2021-3839
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
Dpdk Data Plane Development Kit
Dpdk Data Plane Development Kit 22.03
Fedoraproject Fedora 35
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Enterprise Linux Fast Datapath 7.0
Redhat Enterprise Linux Fast Datapath 8.0
8.8
CVSSv3
CVE-2020-14374
A flaw was found in dpdk in versions prior to 18.11.10 and prior to 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest...
Dpdk Data Plane Development Kit
Opensuse Leap 15.1
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
7.8
CVSSv3
CVE-2020-14375
A flaw was found in dpdk in versions prior to 18.11.10 and prior to 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vho...
Dpdk Data Plane Development Kit
Opensuse Leap 15.1
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
7.8
CVSSv3
CVE-2020-14376
A flaw was found in dpdk in versions prior to 18.11.10 and prior to 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and int...
Dpdk Data Plane Development Kit
Opensuse Leap 15.1
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
7.1
CVSSv3
CVE-2020-14377
A flaw was found in dpdk in versions prior to 18.11.10 and prior to 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability ...
Dpdk Data Plane Development Kit
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.1
Opensuse Leap 15.2
3.3
CVSSv3
CVE-2020-14378
An integer underflow in dpdk versions prior to 18.11.10 and prior to 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depend...
Dpdk Data Plane Development Kit
Opensuse Leap 15.1
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
4.4
CVSSv3
CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
Dpdk Data Plane Development Kit
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
7.7
CVSSv3
CVE-2020-10725
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a miss...
Dpdk Data Plane Development Kit
Fedoraproject Fedora 32
Opensuse Leap 15.1
Oracle Enterprise Communications Broker 3.1.0
Oracle Enterprise Communications Broker 3.2.0
4.4
CVSSv3
CVE-2020-10726
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of s...
Dpdk Data Plane Development Kit
Fedoraproject Fedora 32
Opensuse Leap 15.1
Oracle Enterprise Communications Broker 3.1.0
Oracle Enterprise Communications Broker 3.2.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »