AVG-2697 log

Package dpdk
Status Fixed
Severity Medium
Type denial of service
Affected 21.11-1
Fixed 22.03-1
Current 23.07-1 [extra]
Ticket None
Created Mon May 9 21:20:03 2022
Issue Severity Remote Type Description
CVE-2022-0669 Medium No Denial of service
A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages...
CVE-2021-3839 Medium No Denial of service
In function vhost_user_set_inflight_fd() which is in DPDK Vhost library,  msg->payload.inflight.num_queues doesn't get checked to determine if it's out of...
Notes
Two vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code.