CVE-2022-0669

Published Aug 29, 2022

Last updated 2 years ago

CVSS medium 6.5

Overview

Description: A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 4
Exploitability score: 2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
secalert@redhat.com: CWE-400

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "00189B34-1D41-4AE8-988A-65013F529ABA",
            "versionEndExcluding": "22.03",
            "versionStartIncluding": "20.02"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D54C8537-09ED-447B-A677-C1B31CD43BE0"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D64C9BE-1254-4E55-A4B9-BE0059E4AC88"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F76795-E087-4163-8803-2DFA0571F720"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F057C6ED-3DC1-41AD-A982-3DBA9FFBDC83"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F65AF826-2336-48B7-A364-BEAC013CA4BC"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB0AB20E-A20A-4087-B944-6A1B6E7E936B"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A0E6108-A040-4749-85A6-C1DA127F482A"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "844676DA-EA6F-4DA7-8248-6AD0139CC919"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "905886CA-734C-4988-8882-664826DFFEC2"
          },
          {
            "criteria": "cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B5C7BBB-D091-4A58-9316-AECF82506865"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References