← Back

CVE-2021-3839

nvd nist
Published: Aug 23, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Affected (10)

Dpdk
1 product
Data Plane Development Kit
Fedoraproject
1 product
Fedora
Redhat
2 products
Enterprise Linux
Enterprise Linux Fast Datapath
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Dpdk
Data Plane Development Kit
Before 22.03
Data Plane Development Kit
Version 22.03 rc1
Data Plane Development Kit
Version 22.03 rc2
Data Plane Development Kit
Version 22.03 rc3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 35
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux Fast Datapath
Version 7.0
Enterprise Linux Fast Datapath
Version 8.0

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.