Vulnerability Name: CVE-2022-0669 (CCN-225846)

Assigned: 2022-05-05
Published: 2022-05-05
Updated: 2022-09-01
Summary: A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Changed
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): High
CVSS v2 Severity: 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2022-0669

Source: MISC
Type: Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-0669

Source: MISC
Type: Patch, Vendor Advisory
https://bugs.dpdk.org/show_bug.cgi?id=922

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2055793

Source: XF
Type: UNKNOWN
dpdk-cve20220669-dos(225846)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227

Source: CCN
Type: oss-sec Mailing List, Thu, 5 May 2022 01:55:20 +0000
DPDK CVE-2022-0669 Release Notice

Source: MISC
Type: Patch, Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2022-0669

Source: CCN
Type: DPDK Web site
Home

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-0669

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* (Version >= 20.02 and < 22.03)
  • OR cpe:/a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*
  • OR cpe:/a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:dpdk:dpdk:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:8077 | P | dpdk-19.11.10-150500.3.37 on GA media (Moderate) | 2023-06-12 |
| oval:org.opensuse.security:def:119616 | P | Security update for dpdk (Important) | 2022-07-05 |
| oval:org.opensuse.security:def:118936 | P | Security update for dpdk (Important) | 2022-07-05 |
| oval:org.opensuse.security:def:119241 | P | Security update for dpdk (Important) | 2022-07-05 |
| oval:org.opensuse.security:def:119431 | P | Security update for dpdk (Important) | 2022-07-05 |
| oval:org.opensuse.security:def:118746 | P | Security update for dpdk (Important) | 2022-07-05 |
| oval:org.opensuse.security:def:3474 | P | dosfstools-3.0.26-6.5 on GA media (Moderate) | 2022-06-28 |
| oval:org.opensuse.security:def:95104 | P | dpdk-19.11.10-150400.2.10 on GA media (Moderate) | 2022-06-22 |
| oval:org.opensuse.security:def:1671 | P | Security update for dpdk (Moderate) | 2022-05-31 |
| oval:org.opensuse.security:def:503 | P | Security update for dpdk (Moderate) | 2022-05-31 |