AVG-2697 log
| Package | dpdk |
| Status | Fixed |
| Severity | Medium |
| Type | denial of service |
| Affected | 21.11-1 |
| Fixed | 22.03-1 |
| Current |
24.11.1-1 [extra-testing] 24.07-1 [extra] |
| Ticket | None |
| Created | Mon May 9 21:20:03 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-0669 | Medium | No | Denial of service | A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages... |
| CVE-2021-3839 | Medium | No | Denial of service | In function vhost_user_set_inflight_fd() which is in DPDK Vhost library, msg->payload.inflight.num_queues doesn't get checked to determine if it's out of... |
| Notes |
|---|
Two vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code. |