In the function vhost_user_set_inflight_fd() in the DPDK Vhost library, msg->payload.inflight.num_queues is not checked to determine whether it is out of bounds. As a result, the program can read or write out of bounds, and software using the DPDK Vhost library may crash.
https://bugs.dpdk.org/show_bug.cgi?id=657
https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5
https://github.com/DPDK/dpdk/commit/ad0a4ae491fe3b10338441dfdf11a9b3a1c05798
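
The missing check described above, sketched as an added example in C. This is a simplified model and not DPDK source code: the struct layouts, MODEL_MAX_QUEUES, MODEL_ENTRY_BYTES and model_set_inflight() are assumptions made for illustration, and the region-size check goes beyond what the description states.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not DPDK source: every name and size here is an assumption. */
#define MODEL_MAX_QUEUES  8    /* capacity of the per-queue table */
#define MODEL_ENTRY_BYTES 16   /* assumed bytes of shared region per ring entry */

struct model_inflight_msg {    /* fields supplied by the untrusted peer */
    uint64_t mmap_size;        /* size of the shared region */
    uint16_t num_queues;
    uint16_t queue_size;
};

struct model_dev {
    uint64_t inflight_off[MODEL_MAX_QUEUES];  /* one slot per queue */
    uint16_t nr_queues;
};

/* Returns 0 on success, -1 if the message is rejected; dev is untouched on reject. */
int model_set_inflight(struct model_dev *dev, const struct model_inflight_msg *msg)
{
    uint64_t per_queue, need;
    uint16_t i;

    /* Bound the peer-supplied count before it is used as a loop limit
     * over a fixed-size table. Without this, the loop below writes past
     * inflight_off[] for any num_queues > MODEL_MAX_QUEUES. */
    if (msg->num_queues > MODEL_MAX_QUEUES)
        return -1;

    /* Model assumption: each queue owns queue_size * MODEL_ENTRY_BYTES bytes,
     * and all queues must fit inside the shared region. 64-bit math, no wrap. */
    per_queue = (uint64_t)msg->queue_size * MODEL_ENTRY_BYTES;
    need = per_queue * msg->num_queues;
    if (need > msg->mmap_size)
        return -1;

    for (i = 0; i < msg->num_queues; i++)
        dev->inflight_off[i] = per_queue * i;
    dev->nr_queues = msg->num_queues;
    return 0;
}

int main(void)
{
    struct model_dev dev = {0};
    struct model_inflight_msg bad = { .mmap_size = 4096, .num_queues = 0xFFFF, .queue_size = 64 };

    printf("oversized num_queues -> %d\n", model_set_inflight(&dev, &bad));
    return 0;
}
```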