Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux Fast Datapath
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2132 4 Debian, Dpdk, Fedoraproject and 1 more 8 Debian Linux, Data Plane Development Kit, Fedora and 5 more 2024-02-28 N/A 8.6 HIGH
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2021-3905 4 Canonical, Fedoraproject, Openvswitch and 1 more 4 Ubuntu Linux, Fedora, Openvswitch and 1 more 2024-02-28 N/A 7.5 HIGH
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
CVE-2021-3839 3 Dpdk, Fedoraproject, Redhat 4 Data Plane Development Kit, Fedora, Enterprise Linux and 1 more 2024-02-28 N/A 7.5 HIGH
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
CVE-2019-14818 3 Dpdk, Fedoraproject, Redhat 5 Data Plane Development Kit, Fedora, Enterprise Linux Fast Datapath and 2 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
CVE-2018-1059 3 Canonical, Dpdk, Redhat 9 Ubuntu Linux, Data Plane Development Kit, Ceph Storage and 6 more 2024-02-28 2.9 LOW 6.1 MEDIUM
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.