rpm package
opensuse/dpdk-thunderx&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/dpdk-thunderx&distro=openSUSE%20Leap%2015.4
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-28199 | — | < 19.11.10-150400.4.7.1 | 19.11.10-150400.4.7.1 | Sep 1, 2022 | NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | ||
| CVE-2022-2132 | — | < 19.11.10-150400.4.7.1 | 19.11.10-150400.4.7.1 | Aug 31, 2022 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||
| CVE-2022-0669 | — | < 19.11.4-150300.11.1 | 19.11.4-150300.11.1 | Aug 29, 2022 | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, | ||
| CVE-2021-3839 | — | < 19.11.4-150300.11.1 | 19.11.4-150300.11.1 | Aug 23, 2022 | A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. |
- CVE-2022-28199Sep 1, 2022affected < 19.11.10-150400.4.7.1fixed 19.11.10-150400.4.7.1
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
- CVE-2022-2132Aug 31, 2022affected < 19.11.10-150400.4.7.1fixed 19.11.10-150400.4.7.1
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- CVE-2022-0669Aug 29, 2022affected < 19.11.4-150300.11.1fixed 19.11.4-150300.11.1
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously,
- CVE-2021-3839Aug 23, 2022affected < 19.11.4-150300.11.1fixed 19.11.4-150300.11.1
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.