A vulnerability was fixed in DPDK.
Some downstream stakeholders were warned in advance
in order to coordinate the release of fixes
and reduce the vulnerability window.

It's an issue in the handling of vhost-user inflight type messages. A malicious 
vhost-user master can attach an unexpected number of fds as ancillary data to 
VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not 
closed by the vhost-user slave. By sending such messages continuously, the 
vhost-user master could exhaust available fd in the vhost-user slave process 
and lead to a DoS.

Commits: af74f7db384e on the main branch

CVE: CVE-2022-0669
Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=922
Severity: 6.5 (Medium)
CVSS scores: 3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Reply via email to