CVE-2022-0669
dpdk: sending vhost-user-inflight type messages could lead to DoS
Public Exploits: 0
Exploited in Wild: -
Descriptions
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts the available fds in the vhost-user slave process, leading to a denial of service.
A flaw has been found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts the fds available in the vhost-user slave process, leading to a denial of service.
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts the available fds in the vhost-user standby process, leading to a denial of service.
Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that DPDK incorrectly handled inflight type messages. An attacker could possibly use this issue to cause DPDK to consume resources, leading to a denial of service.
Timeline
- 2022-02-17 CVE Reserved
- 2022-05-04 CVE Published
- 2024-08-02 CVE Updated
- 2025-04-21 EPSS Updated
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
References (5)
URL | Date | SRC |
---|---|---|
https://bugs.dpdk.org/show_bug.cgi?id=922 | 2022-09-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | 2022-05-27 | |
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 | 2022-09-01 | |
https://security-tracker.debian.org/tracker/CVE-2022-0669 | 2022-09-01 | |
https://access.redhat.com/security/cve/CVE-2022-0669 | 2022-05-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dpdk | Data Plane Development Kit | >= 20.02 < 22.03 | - | Affected |
Dpdk | Data Plane Development Kit | 19.11 | - | Affected |
Dpdk | Data Plane Development Kit | 19.11 | rc1 | Affected |
Dpdk | Data Plane Development Kit | 19.11 | rc2 | Affected |
Dpdk | Data Plane Development Kit | 19.11 | rc3 | Affected |
Dpdk | Data Plane Development Kit | 19.11 | rc4 | Affected |
Dpdk | Data Plane Development Kit | 22.03 | rc1 | Affected |
Dpdk | Data Plane Development Kit | 22.03 | rc2 | Affected |
Dpdk | Data Plane Development Kit | 22.03 | rc3 | Affected |
Openvswitch | Openvswitch | 2.13.0 | - | Affected |
Openvswitch | Openvswitch | 2.15.0 | - | Affected |
Redhat | Openshift Container Platform | 4.0 | - | Affected |