Vulnerability Description
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dpdk | Data Plane Development Kit | < 19.11 |
| Fedoraproject | Fedora | 36 |
| Debian | Debian Linux | 10.0 |
| Redhat | Enterprise Linux Fast Datapath | 7.0 |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Openstack Platform | 13.0 |
| Redhat | Virtualization | 4.0 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://bugs.dpdk.org/show_bug.cgi?id=1031 (Exploit, Issue Tracking, Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=2099475 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2022-2132?
CVE-2022-2132 is a vulnerability with a CVSS score of 8.6 (HIGH). A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
How severe is CVE-2022-2132?
CVE-2022-2132 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-2132?
Check the references section above for vendor advisories and patch information. Affected products include: Dpdk Data Plane Development Kit, Fedoraproject Fedora, Debian Debian Linux, Redhat Enterprise Linux Fast Datapath, Redhat Openshift Container Platform.