CVE-2022-0669

Published: Aug 29, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

Affected (12)

Products: Dpdk: Data Plane Development Kit · Openvswitch: Openvswitch · Redhat: Openshift Container Platform

1 product

Data Plane Development Kit

1 product

1 product

Openshift Container Platform

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Dpdk Data Plane Development Kit	From 20.02 to 22.03
Dpdk Data Plane Development Kit	Version 19.11
Dpdk Data Plane Development Kit	Version 19.11 rc1
Dpdk Data Plane Development Kit	Version 19.11 rc2
Dpdk Data Plane Development Kit	Version 19.11 rc3
Dpdk Data Plane Development Kit	Version 19.11 rc4
Dpdk Data Plane Development Kit	Version 22.03 rc1
Dpdk Data Plane Development Kit	Version 22.03 rc2
Dpdk Data Plane Development Kit	Version 22.03 rc3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Openvswitch Openvswitch	Version 2.13.0
Openvswitch Openvswitch	Version 2.15.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

https://access.redhat.com/security/cve/CVE-2022-0669

Source: secalert@redhat.com

Third Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=922

Source: secalert@redhat.com

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2055793

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227

Source: secalert@redhat.com

PatchThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2022-0669

Source: secalert@redhat.com

PatchThird Party Advisory

https://access.redhat.com/security/cve/CVE-2022-0669

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=922

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2055793

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2022-0669

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.