rpm package
almalinux/dpdk-devel
pkg:rpm/almalinux/dpdk-devel
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-11614 | Hig | 7.4 | < 2:23.11-2.el9_5 | 2:23.11-2.el9_5 | Dec 18, 2024 | An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a m | |
| CVE-2022-28199 | — | < 2:21.11.2-1.el9_1 | 2:21.11.2-1.el9_1 | Sep 1, 2022 | NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | ||
| CVE-2022-2132 | — | < 2:21.11.2-1.el9_1 | 2:21.11.2-1.el9_1 | Aug 31, 2022 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||
| CVE-2021-3839 | — | < 2:21.11.2-1.el9_1 | 2:21.11.2-1.el9_1 | Aug 23, 2022 | A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. |
- affected < 2:23.11-2.el9_5fixed 2:23.11-2.el9_5
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a m
- CVE-2022-28199Sep 1, 2022affected < 2:21.11.2-1.el9_1fixed 2:21.11.2-1.el9_1
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
- CVE-2022-2132Aug 31, 2022affected < 2:21.11.2-1.el9_1fixed 2:21.11.2-1.el9_1
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- CVE-2021-3839Aug 23, 2022affected < 2:21.11.2-1.el9_1fixed 2:21.11.2-1.el9_1
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.