CVE-2022-0669

Published: 29/08/2022 | Updated: 01/09/2022
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 0

Vulnerability Summary

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages, and the vhost-user slave does not close these fds. By sending such messages continuously, the vhost-user master exhausts the available fds in the vhost-user slave process, leading to a denial of service.

Vulnerable Product

dpdk data plane development kit 22.03

dpdk data plane development kit 19.11

dpdk data plane development kit

openvswitch openvswitch 2.15.0

openvswitch openvswitch 2.13.0

redhat openshift container platform 4.0

Vendor Advisories

Debian Bug report logs - #1010641: dpdk: CVE-2021-3839 and CVE-2022-0669. Package: src:dpdk; Maintainer for src:dpdk is Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>; Reported by: Luca Boccassi <bluca@debian.org>; Date: Thu, 5 May 2022 21:27:01 UTC; Severity: serious; Tags: security, upstream; Found in ...
Several security issues were fixed in DPDK ...
Two vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code. The oldstable distribution (buster) is not affected. For the stable distribution (bullseye), these problems have been fixed in version 20.11.5-1~deb11u1. We recomme ...
Synopsis: Moderate: openvswitch2.16 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch2.16 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has ...
Synopsis: Moderate: openvswitch2.15 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has ...
Synopsis: Moderate: openvswitch2.13 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch2.13 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Red Hat Product Security has ...
A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS ...

Github Repositories

EPSS (Exploit Prediction Scoring System) API client

EPSS is one of the famous vulnerability scores, developed by FIRST (the Forum of Incident Response and Security Teams). EPSS's definition: The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exp