Product:

Data_plane_development_kit

(Dpdk)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2022-08-31 CVE-2022-2132 A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. Debian_linux, Data_plane_development_kit, Fedora, Enterprise_linux, Enterprise_linux_fast_datapath, Openshift_container_platform, Openstack_platform, Virtualization 8.6
2020-05-19 CVE-2020-10722 A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. Ubuntu_linux, Data_plane_development_kit, Fedora, Leap, Communications_session_border_controller, Enterprise_communications_broker 6.7
2020-05-19 CVE-2020-10723 A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. Ubuntu_linux, Data_plane_development_kit, Fedora, Leap, Communications_session_border_controller, Enterprise_communications_broker 6.7
2020-05-20 CVE-2020-10725 A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. Data_plane_development_kit, Fedora, Leap, Enterprise_communications_broker 7.7
2020-05-20 CVE-2020-10726 A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. Data_plane_development_kit, Fedora, Leap, Enterprise_communications_broker 4.4
2022-08-29 CVE-2022-0669 A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. Data_plane_development_kit, Openvswitch, Openshift_container_platform 6.5
2022-08-23 CVE-2021-3839 A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. Data_plane_development_kit, Fedora, Enterprise_linux, Enterprise_linux_fast_datapath 7.5
2020-09-30 CVE-2020-14378 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. Ubuntu_linux, Data_plane_development_kit, Leap 3.3
2019-11-14 CVE-2019-14818 A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. Data_plane_development_kit, Fedora, Enterprise_linux_fast_datapath, Openstack, Virtualization_eus 7.5
2020-05-19 CVE-2020-10724 A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. Ubuntu_linux, Data_plane_development_kit, Fedora 4.4