DPDK Data Plane Development Kit 18.11.10

CPE Details

DPDK Data Plane Development Kit 18.11.10
dpdk
data_plane_development_kit
18.11.10
2021-01-14
18h25 +00:00
2021-01-14
18h25 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:dpdk:data_plane_development_kit:18.11.10:*:*:*:*:*:*:*

Informations

Vendor

dpdk

Product

data_plane_development_kit

Version

18.11.10

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-2132 2022-08-31 13h32 +00:00 A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
8.6
High
CVE-2021-3839 2022-08-23 13h52 +00:00 A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
7.5
High
CVE-2020-10725 2020-05-20 11h16 +00:00 A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
7.7
High
CVE-2020-10726 2020-05-20 11h04 +00:00 A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
6
Medium