CVE-2022-0669
Summary
| CVE | CVE-2022-0669 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-29 15:15:00 UTC |
| Updated | 2022-09-01 20:35:00 UTC |
| Description | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dpdk | Data Plane Development Kit | All | All | All | All |
| Application | Dpdk | Data Plane Development Kit | 19.11 | All | All | All |
| Application | Dpdk | Data Plane Development Kit | 19.11 | rc1 | All | All |
| Application | Dpdk | Data Plane Development Kit | 19.11 | rc2 | All | All |
| Application | Dpdk | Data Plane Development Kit | 19.11 | rc3 | All | All |
| Application | Dpdk | Data Plane Development Kit | 19.11 | rc4 | All | All |
| Application | Dpdk | Data Plane Development Kit | 22.03 | rc1 | All | All |
| Application | Dpdk | Data Plane Development Kit | 22.03 | rc2 | All | All |
| Application | Dpdk | Data Plane Development Kit | 22.03 | rc3 | All | All |
| Application | Openvswitch | Openvswitch | 2.13.0 | All | All | All |
| Application | Openvswitch | Openvswitch | 2.15.0 | All | All | All |
| Application | Redhat | Openshift Container Platform | 4.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-0669 | MISC | security-tracker.debian.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| vhost: fix FD leak with inflight messages · DPDK/dpdk@af74f7d · GitHub | MISC | github.com | |
| 922 – CVE-2022-0669 State: Confirmed (Issue in handling of vhost-user inflight type messages) | MISC | bugs.dpdk.org | |
| 2055793 – (CVE-2022-0669) CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179268 Debian Security Update for dpdk (DSA 5130-1)
- 182072 Debian Security Update for dpdk (CVE-2022-0669)
- 198772 Ubuntu Security Notification for DPDK Vulnerabilities (USN-5401-1)
- 672077 EulerOS Security Update for dpdk (EulerOS-SA-2022-2254)
- 672079 EulerOS Security Update for dpdk (EulerOS-SA-2022-2241)
- 672084 EulerOS Security Update for dpdk (EulerOS-SA-2022-2284)
- 672133 EulerOS Security Update for dpdk (EulerOS-SA-2022-2313)
- 752291 SUSE Enterprise Linux Security Update for dpdk (SUSE-SU-2022:2273-1)
- 753440 SUSE Enterprise Linux Security Update for dpdk (SUSE-SU-2022:1892-1)