VDB
CVE-2022-0669
CVE-2022-0669
PUBLISHED
CVSS 6.5 MEDIUM
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
EPSS 0.19% · 41.2th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.19%
41.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | openshift_container_platform | 4.0 |
| dpdk | data_plane_development_kit | 20.02, 19.11, 19.11 |
| n/a | DPDK | Affects v19.11-rc1 and later, Fixed in v22.03-rc4. |
| openvswitch | openvswitch | 2.13.0, 2.15.0 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=2055793 (circl)
- https://bugs.dpdk.org/show_bug.cgi?id=922 (circl)
- https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 (circl)
- https://access.redhat.com/security/cve/CVE-2022-0669 (circl)
- https://security-tracker.debian.org/tracker/CVE-2022-0669 (circl)
Timeline
- Aug 29, 2022 CVE Published
- Aug 30, 2022 EPSS Score
- Oct 14, 2022 EPSS Score
- Nov 29, 2022 EPSS Score
- Jan 13, 2023 EPSS Score
- Feb 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 14, 2023 EPSS Score
- May 30, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Oct 13, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2055793 url
- https://bugs.dpdk.org/show_bug.cgi?id=922 url
- https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 url
- https://access.redhat.com/security/cve/CVE-2022-0669 url
- https://security-tracker.debian.org/tracker/CVE-2022-0669 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-0669 advisory