CVE-2022-0669

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

Published: Aug 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-0669
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
dpdk / data_plane_development_kit	22.03-rc2	22.03-rc2.x
dpdk / data_plane_development_kit	22.03-rc3	22.03-rc3.x
dpdk / data_plane_development_kit	22.03-rc1	22.03-rc1.x
dpdk / data_plane_development_kit	19.11	19.11.x
dpdk / data_plane_development_kit	20.02	22.03
dpdk / data_plane_development_kit	19.11-rc1	19.11-rc1.x
dpdk / data_plane_development_kit	19.11-rc2	19.11-rc2.x
dpdk / data_plane_development_kit	19.11-rc3	19.11-rc3.x
dpdk / data_plane_development_kit	19.11-rc4	19.11-rc4.x
openvswitch / openvswitch	2.15.0	2.15.0.x
openvswitch / openvswitch	2.13.0	2.13.0.x
redhat / openshift_container_platform	4.0	4.0.x

Vulnerability Database

289,599

CVE-2022-0669