CVE-2022-0669 — MEDIUM (6.5)

Q: How severe is CVE-2022-0669?

CVE-2022-0669 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-0669?

Check the references section above for vendor advisories and patch information. Affected products include: Dpdk Data Plane Development Kit, Openvswitch Openvswitch, Redhat Openshift Container Platform.

Vulnerability Description

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dpdk	Data Plane Development Kit	>= 20.02, < 22.03
Openvswitch	Openvswitch	2.13.0
Redhat	Openshift Container Platform	4.0

Related Weaknesses (CWE)

CWE-400

References

https://access.redhat.com/security/cve/CVE-2022-0669Third Party Advisory
https://bugs.dpdk.org/show_bug.cgi?id=922PatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2055793Issue TrackingPatchThird Party Advisory
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227PatchThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2022-0669PatchThird Party Advisory
https://access.redhat.com/security/cve/CVE-2022-0669Third Party Advisory
https://bugs.dpdk.org/show_bug.cgi?id=922PatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2055793Issue TrackingPatchThird Party Advisory
https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227PatchThird Party Advisory
https://security-tracker.debian.org/tracker/CVE-2022-0669PatchThird Party Advisory

FAQ

What is CVE-2022-0669?

CVE-2022-0669 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages tha...

How severe is CVE-2022-0669?

CVE-2022-0669 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-0669?

Check the references section above for vendor advisories and patch information. Affected products include: Dpdk Data Plane Development Kit, Openvswitch Openvswitch, Redhat Openshift Container Platform.