CVE-2022-0669

CVSS v3.1

6.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions DPDK (affected versions not specified)

Description The issue is related to an uncontrolled resource consumption in the DPDK library and driver set, which can lead to a denial of service. A malicious vhost-user master can attach an unexpected number of file descriptors as ancillary data to VHOST USER GET INFLIGHT FD and VHOST USER SET INFLIGHT FD messages, causing the vhost-user slave process to exhaust available file descriptors when these messages are sent continuously.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2023-4553

BDU:2024-07307

CVE-2022-0669

DSA-5130-1

OESA-2022-1713

OPENSUSE-SU-2022_1892-1

OPENSUSE-SU-2024:12039-1

RHSA-2022:4786

RHSA-2022:4787

RHSA-2022:4788

SUSE-SU-2022:1892-1

SUSE-SU-2022:2273-1

USN-5401-1

Affected Products

Alt Linux

Astra Linux

Dpdk

Linuxmint

Suse

Ubuntu

CVE-2022-0669

Weakness Enumeration

Related Identifiers

Affected Products

References · 32