CVE-2022-0669

dpdk: sending vhost-user-inflight type messages could lead to DoS

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

Se ha encontrado un fallo en dpdk. Este fallo permite a un vhost-user master malicioso adjuntar un número inesperado de fds como datos auxiliares a los mensajes VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD que no son cerrados por el vhost-user slave. Al enviar dichos mensajes continuamente, el maestro vhost-user agota los fd disponibles en el proceso esclavo vhost-user, conllevando a una denegación de servicio

A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user exhausts available fd in the vhost-user standby process, leading to a denial of service.

*Credits: N/A

CVSS Scores

NISTv3.1 6.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-17 CVE Reserved
2022-05-04 CVE Published
2023-12-04 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (5)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://bugs.dpdk.org/show_bug.cgi?id=922	2022-09-01
https://bugzilla.redhat.com/show_bug.cgi?id=2055793	2022-05-27
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227	2022-09-01
https://security-tracker.debian.org/tracker/CVE-2022-0669	2022-09-01

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-0669	2022-05-27

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				>= 20.02 < 22.03 Search vendor "Dpdk" for product "Data Plane Development Kit" and version " >= 20.02 < 22.03"		-		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				19.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "19.11"		-		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				19.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "19.11"		rc1		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				19.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "19.11"		rc2		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				19.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "19.11"		rc3		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				19.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "19.11"		rc4		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				22.03 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "22.03"		rc1		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				22.03 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "22.03"		rc2		Affected
Dpdk Search vendor "Dpdk"		Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit"				22.03 Search vendor "Dpdk" for product "Data Plane Development Kit" and version "22.03"		rc3		Affected
Openvswitch Search vendor "Openvswitch"		Openvswitch Search vendor "Openvswitch" for product "Openvswitch"				2.13.0 Search vendor "Openvswitch" for product "Openvswitch" and version "2.13.0"		-		Affected
Openvswitch Search vendor "Openvswitch"		Openvswitch Search vendor "Openvswitch" for product "Openvswitch"				2.15.0 Search vendor "Openvswitch" for product "Openvswitch" and version "2.15.0"		-		Affected
Redhat Search vendor "Redhat"		Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform"				4.0 Search vendor "Redhat" for product "Openshift Container Platform" and version "4.0"		-		Affected