CVE-2021-3839

Summary

CVE: CVE-2021-3839
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-08-23 16:15:00 UTC
Updated: 2023-11-07 03:38:00 UTC
Description: A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Risk And Classification

Problem Types: CWE-125 | CWE-787

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dpdk | Data Plane Development Kit | All | All | All | All |
| Application | Dpdk | Data Plane Development Kit | 22.03 | rc1 | All | All |
| Application | Dpdk | Data Plane Development Kit | 22.03 | rc2 | All | All |
| Application | Dpdk | Data Plane Development Kit | 22.03 | rc3 | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 9.0 | All | All | All |
| Application | Redhat | Enterprise Linux Fast Datapath | 7.0 | All | All | All |
| Application | Redhat | Enterprise Linux Fast Datapath | 8.0 | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| vhost: fix queue number check when setting inflight FD · DPDK/dpdk@6442c32 · GitHub | MISC | github.com | |
| 2025882 – (CVE-2021-3839) CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash | MISC | bugzilla.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

Legacy QID Mappings

  • 160307 Oracle Enterprise Linux Security Update for dpdk (ELSA-2022-8263)
  • 179268 Debian Security Update for dpdk (DSA 5130-1)
  • 182127 Debian Security Update for dpdk (CVE-2021-3839)
  • 198772 Ubuntu Security Notification for DPDK Vulnerabilities (USN-5401-1)
  • 240900 Red Hat Update for dpdk (RHSA-2022:8263)
  • 672077 EulerOS Security Update for dpdk (EulerOS-SA-2022-2254)
  • 672079 EulerOS Security Update for dpdk (EulerOS-SA-2022-2241)
  • 672084 EulerOS Security Update for dpdk (EulerOS-SA-2022-2284)
  • 672133 EulerOS Security Update for dpdk (EulerOS-SA-2022-2313)
  • 752291 SUSE Enterprise Linux Security Update for dpdk (SUSE-SU-2022:2273-1)
  • 753440 SUSE Enterprise Linux Security Update for dpdk (SUSE-SU-2022:1892-1)
  • 940804 AlmaLinux Security Update for dpdk (ALSA-2022:8263)
  • 960601 Rocky Linux Security Update for dpdk (RLSA-2022:8263)