CVE-2021-3839

Published: 23/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Vulnerable Product

dpdk data plane development kit

dpdk data plane development kit 22.03

fedoraproject fedora 35

redhat enterprise linux 7.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

redhat enterprise linux fast datapath 7.0

redhat enterprise linux fast datapath 8.0

Vendor Advisories

Debian Bug report logs - #1010641: dpdk: CVE-2021-3839 and CVE-2022-0669. Package: src:dpdk; Maintainer for src:dpdk is Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>; Reported by: Luca Boccassi <bluca@debian.org>; Date: Thu, 5 May 2022 21:27:01 UTC; Severity: serious; Tags: security, upstream; Found in ...
Several security issues were fixed in DPDK ...
Two vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code. The oldstable distribution (buster) is not affected. For the stable distribution (bullseye), these problems have been fixed in version 20.11.5-1~deb11u1. We recomme ...
Synopsis: Important: dpdk security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for dpdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as hav ...
Synopsis: Moderate: openvswitch2.16 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has ...
Synopsis: Moderate: openvswitch2.15 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has ...
Synopsis: Moderate: openvswitch2.13 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has ...
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability ...
In function vhost_user_set_inflight_fd() which is in DPDK Vhost library, `msg->payload.inflight.num_queues` doesn't get checked to determine if it's out of bounds. So it could cause the program to write/read out of boundary. And in the end the software using DPDK Vhost library may crash ...