rpm package
opensuse/dpdk&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/dpdk&distro=openSUSE%20Leap%2015.4
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-32166 | — | < 18.11.9-150100.4.23.1 | 18.11.9-150100.4.23.1 | Sep 28, 2022 | In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo | ||
| CVE-2022-28199 | — | < 19.11.10-150400.4.7.1 | 19.11.10-150400.4.7.1 | Sep 1, 2022 | NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | ||
| CVE-2022-2132 | — | < 19.11.10-150400.4.7.1 | 19.11.10-150400.4.7.1 | Aug 31, 2022 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||
| CVE-2022-0669 | — | < 19.11.4-150300.11.1 | 19.11.4-150300.11.1 | Aug 29, 2022 | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, | ||
| CVE-2021-3839 | — | < 19.11.4-150300.11.1 | 19.11.4-150300.11.1 | Aug 23, 2022 | A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. | ||
| CVE-2021-36980 | — | < 18.11.9-150100.4.23.1 | 18.11.9-150100.4.23.1 | Jul 20, 2021 | Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. |
- CVE-2022-32166Sep 28, 2022affected < 18.11.9-150100.4.23.1fixed 18.11.9-150100.4.23.1
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remo
- CVE-2022-28199Sep 1, 2022affected < 19.11.10-150400.4.7.1fixed 19.11.10-150400.4.7.1
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
- CVE-2022-2132Aug 31, 2022affected < 19.11.10-150400.4.7.1fixed 19.11.10-150400.4.7.1
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- CVE-2022-0669Aug 29, 2022affected < 19.11.4-150300.11.1fixed 19.11.4-150300.11.1
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously,
- CVE-2021-3839Aug 23, 2022affected < 19.11.4-150300.11.1fixed 19.11.4-150300.11.1
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
- CVE-2021-36980Jul 20, 2021affected < 18.11.9-150100.4.23.1fixed 18.11.9-150100.4.23.1
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.