|
Message-ID: <SJ0PR11MB5006E1D447596CFDF564B946DCC29@SJ0PR11MB5006.namprd11.prod.outlook.com> Date: Thu, 5 May 2022 01:55:20 +0000 From: "Jiang, Cheng1" <cheng1.jiang@...el.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: DPDK CVE-2022-0669 Release Notice A vulnerability was fixed in DPDK. Some downstream stakeholders were warned in advance in order to coordinate the release of fixes and reduce the vulnerability window. It's an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS. Commits: af74f7db384e on the main branch CVE: CVE-2022-0669 Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=922 Severity: 6.5 (Medium) CVSS scores: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Thanks Cheng Jiang, on behalf of the DPDK security team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.