Vulnerabilities > CVE-2022-0669

CVSS 6.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

dpdk

openvswitch

redhat

NVD

Published: 2022-08-29

Updated: 2022-09-01

Summary

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Dpdk Dpdk Data Plane Development KIT 22.03 Dpdk Data Plane Development KIT 19.11 Dpdk Data Plane Development KIT 20.02 Dpdk Data Plane Development KIT 20.05 Dpdk Data Plane Development KIT 21.02 Dpdk Data Plane Development KIT 21.05 Dpdk Data Plane Development KIT 21.08 Dpdk Data Plane Development KIT 21.11	30
Application	Openvswitch Openvswitch Openvswitch 2.15.0 Openvswitch Openvswitch 2.13.0	2
Application	Redhat Redhat Openshift Container Platform 4.0	1

Vulnerabilities > CVE-2022-0669 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-0669"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-0669