CVE-2022-2132
- EPSS 0.69%
- Published 31.08.2022 16:15:10
- Last modified 21.11.2024 07:00:23
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2021-3839
- EPSS 0.13%
- Published 23.08.2022 16:15:10
- Last modified 21.11.2024 06:22:36
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result o...
CVE-2021-3905
- EPSS 0.14%
- Published 23.08.2022 16:15:10
- Last modified 21.11.2024 06:22:44
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
CVE-2019-14818
- EPSS 1.14%
- Published 14.11.2019 17:15:14
- Last modified 21.11.2024 04:27:25
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM me...
CVE-2018-1059
- EPSS 0.26%
- Published 24.04.2018 18:29:00
- Last modified 21.11.2024 03:59:05
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing v...