On 11/12/2019 3:15 PM, Ferruh Yigit wrote: > A vulnerability was fixed in DPDK. > > Some downstream stakeholders were warned in advance in order to coordinate the > release of fixes and reduce the vulnerability window. > > Problem: > A malicious container which has direct access to the vhost-user socket can > keep > sending messages which may cause leaking resources until resulting a DOS. > > All users of the vhost library are strongly encouraged to upgrade as soon as > possible. > > CVE-2019-14818 > Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=363 > Severity: Medium > CVSS scores: 6.8
And thanks to the "Jason Wang" [1] for reporting the vulnerability, all credits for discovering the issue goes to him. [1] Jason Wang <jasow...@redhat.com>
