CVE-2022-0669 (GCVE-0-2022-0669)

Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:32

Summary

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.

Severity

No CVSS data available.

CWE

CWE-400 - - Uncontrolled Resource Consumption.

Assigner

redhat

References

5 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2055793	x_refsource_MISC
https://bugs.dpdk.org/show_bug.cgi?id=922	x_refsource_MISC
https://github.com/DPDK/dpdk/commit/af74f7db384ed…	x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-0669	x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	DPDK	Affected: Affects v19.11-rc1 and later, Fixed in v22.03-rc4.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-0669"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DPDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 - Uncontrolled Resource Consumption.",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-29T14:03:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2022-0669"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-0669",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DPDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 - Uncontrolled Resource Consumption."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
            },
            {
              "name": "https://bugs.dpdk.org/show_bug.cgi?id=922",
              "refsource": "MISC",
              "url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
            },
            {
              "name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
              "refsource": "MISC",
              "url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
            },
            {
              "name": "https://access.redhat.com/security/cve/CVE-2022-0669",
              "refsource": "MISC",
              "url": "https://access.redhat.com/security/cve/CVE-2022-0669"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2022-0669",
              "refsource": "MISC",
              "url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-0669",
    "datePublished": "2022-08-29T14:03:04.000Z",
    "dateReserved": "2022-02-17T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:46.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-0669",
      "date": "2026-05-29",
      "epss": "0.00194",
      "percentile": "0.41155"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-0669\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-29T15:15:09.750\",\"lastModified\":\"2024-11-21T06:39:08.920\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo en dpdk. Este fallo permite a un vhost-user master malicioso adjuntar un n\u00famero inesperado de fds como datos auxiliares a los mensajes VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD que no son cerrados por el vhost-user slave. Al enviar dichos mensajes continuamente, el maestro vhost-user agota los fd disponibles en el proceso esclavo vhost-user, conllevando a una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"20.02\",\"versionEndExcluding\":\"22.03\",\"matchCriteriaId\":\"00189B34-1D41-4AE8-988A-65013F529ABA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54C8537-09ED-447B-A677-C1B31CD43BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D64C9BE-1254-4E55-A4B9-BE0059E4AC88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F76795-E087-4163-8803-2DFA0571F720\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F057C6ED-3DC1-41AD-A982-3DBA9FFBDC83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F65AF826-2336-48B7-A364-BEAC013CA4BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0AB20E-A20A-4087-B944-6A1B6E7E936B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0E6108-A040-4749-85A6-C1DA127F482A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"844676DA-EA6F-4DA7-8248-6AD0139CC919\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"905886CA-734C-4988-8882-664826DFFEC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B5C7BBB-D091-4A58-9316-AECF82506865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"932D137F-528B-4526-9A89-CD59FA1AB0FE\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.dpdk.org/show_bug.cgi?id=922\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2055793\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2022-0669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.dpdk.org/show_bug.cgi?id=922\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2055793\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2022-0669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

VAR-202204-2114

Vulnerability from variot - Updated: 2024-08-14 12:19

The oldstable distribution (buster) is not affected.

For the stable distribution (bullseye), these problems have been fixed in version 20.11.5-1~deb11u1.

We recommend that you upgrade your dpdk packages.

For the detailed security status of dpdk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dpdk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AsACgkQEMKTtsN8 TjYeyw/9ECSTRzzVxG0vfic14yz4vbKTayFN7hGkMwIrtpAT+iNcwR/QVznY+sPB VZxnqNRprXz4cXkTHFrIdaur7QFtGE997Eim4gDt52dmtViaKYTqx/I18dGxLnUq Vz+pck34hlAJjQA2qqF4OEaZi6p6u+RltwVN1A1GKQ/EBZ2F1xz1BCpBsXgEmB5J /GXpnBGMp7vlgveiMNDbkhPO0I4aGrmcMhPY5zIKv+ujjNZozxlqRIK83dkzdyoP 0QWoRMI3e3ANNkxLuKOBUK5f3LQf/No0xivxufN36sIEUK0WjLvDFhmt3Bt4FI+P 1j1YAvcc+LSXF7o+yNeD7tN1NguPX/kNiH1MjnimyOf803Fe4sdlwIGadHagf7P4 eEA9gGxCtM4NEydTLAGFw4dqJki9S3JJtA5m9Lw3/ZjhFg8stfM2iVDD45pmROZi LlxjjfmFH0vaQFG2nh/qXENwosk3D3Sl/o7Pinl6yWM/QstlyM6aXGYQLb9edyfS BRv2R/EsaqICA2rFN0W7dDI1eED6GVLJRGY2Hl+sV+n/ezerlIi87JTZ6c3625rv 7izW/Gzns7Az5KmDIi8wjAD1bzYq0M6zRFp9kbZc1M1s5iEvXEIsQpwg9QENGcgS Yv/7+a5NtWSih4e6enBQ0FqAHBUpNjz+q+qL8U5WovpuifsmrIM= =cq6B -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5401-1 May 04, 2022

dpdk vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 22.04 LTS
Ubuntu 21.10
Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in DPDK.

Software Description: - dpdk: set of libraries for fast packet processing

Details:

Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3839)

It was discovered that DPDK incorrectly handled inflight type messages. An attacker could possibly use this issue to cause DPDK to consume resources, leading to a denial of service. (CVE-2022-0669)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS: dpdk 21.11.1-0ubuntu0.3

Ubuntu 21.10: dpdk 20.11.5-0ubuntu1

Ubuntu 20.04 LTS: dpdk 19.11.12-0ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openvswitch2.15 security update Advisory ID: RHSA-2022:4787-01 Product: Fast Datapath Advisory URL: https://access.redhat.com/errata/RHSA-2022:4787 Issue date: 2022-05-27 CVE Names: CVE-2021-3839 CVE-2022-0669 =====================================================================

Summary:

An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

Description:

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.

Bugs fixed (https://bugzilla.redhat.com/):

2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS 2070343 - Failed to read database with dns hostname address 2080271 - [22.D RHEL-8] Fast Datapath Release

Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source: openvswitch2.15-2.15.0-99.el8fdp.src.rpm

aarch64: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm

noarch: openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm

ppc64le: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm

s390x: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm

x86_64: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2021-3839 https://access.redhat.com/security/cve/CVE-2022-0669 https://access.redhat.com/security/updates/classification/#moderate

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u 9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/ rhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF G76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm H9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl sA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC 34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g lqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy Bs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft 2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS GOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L 5WnVACaEc60= =WSAK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202204-2114",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "data plane development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dpdk",
        "version": "22.03"
      },
      {
        "model": "data plane development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dpdk",
        "version": "19.11"
      },
      {
        "model": "data plane development kit",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dpdk",
        "version": "22.03"
      },
      {
        "model": "openvswitch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.13.0"
      },
      {
        "model": "data plane development kit",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dpdk",
        "version": "20.02"
      },
      {
        "model": "openvswitch",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openvswitch",
        "version": "2.15.0"
      },
      {
        "model": "openshift container platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "red hat openshift container platform",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
        "version": null
      },
      {
        "model": "data plane development kit",
        "scope": null,
        "trust": 0.8,
        "vendor": "dpdk",
        "version": null
      },
      {
        "model": "open vswitch",
        "scope": null,
        "trust": 0.8,
        "vendor": "open vswitch",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167299"
      },
      {
        "db": "PACKETSTORM",
        "id": "167294"
      },
      {
        "db": "PACKETSTORM",
        "id": "167298"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2022-0669",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.0,
            "id": "CVE-2022-0669",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-0669",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-0669",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-0669",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202204-4638",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. DPDK of data plane development kit Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. \n\nThe oldstable distribution (buster) is not affected. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 20.11.5-1~deb11u1. \n\nWe recommend that you upgrade your dpdk packages. \n\nFor the detailed security status of dpdk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/dpdk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AsACgkQEMKTtsN8\nTjYeyw/9ECSTRzzVxG0vfic14yz4vbKTayFN7hGkMwIrtpAT+iNcwR/QVznY+sPB\nVZxnqNRprXz4cXkTHFrIdaur7QFtGE997Eim4gDt52dmtViaKYTqx/I18dGxLnUq\nVz+pck34hlAJjQA2qqF4OEaZi6p6u+RltwVN1A1GKQ/EBZ2F1xz1BCpBsXgEmB5J\n/GXpnBGMp7vlgveiMNDbkhPO0I4aGrmcMhPY5zIKv+ujjNZozxlqRIK83dkzdyoP\n0QWoRMI3e3ANNkxLuKOBUK5f3LQf/No0xivxufN36sIEUK0WjLvDFhmt3Bt4FI+P\n1j1YAvcc+LSXF7o+yNeD7tN1NguPX/kNiH1MjnimyOf803Fe4sdlwIGadHagf7P4\neEA9gGxCtM4NEydTLAGFw4dqJki9S3JJtA5m9Lw3/ZjhFg8stfM2iVDD45pmROZi\nLlxjjfmFH0vaQFG2nh/qXENwosk3D3Sl/o7Pinl6yWM/QstlyM6aXGYQLb9edyfS\nBRv2R/EsaqICA2rFN0W7dDI1eED6GVLJRGY2Hl+sV+n/ezerlIi87JTZ6c3625rv\n7izW/Gzns7Az5KmDIi8wjAD1bzYq0M6zRFp9kbZc1M1s5iEvXEIsQpwg9QENGcgS\nYv/7+a5NtWSih4e6enBQ0FqAHBUpNjz+q+qL8U5WovpuifsmrIM=\n=cq6B\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5401-1\nMay 04, 2022\n\ndpdk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in DPDK. \n\nSoftware Description:\n- dpdk: set of libraries for fast packet processing\n\nDetails:\n\nWenxiang Qian discovered that DPDK incorrectly checked certain payloads. An\nattacker could use this issue to cause DPDK to crash, resulting in a denial\nof service, or possibly execute arbitrary code. (CVE-2021-3839)\n\nIt was discovered that DPDK incorrectly handled inflight type messages. An\nattacker could possibly use this issue to cause DPDK to consume resources,\nleading to a denial of service. (CVE-2022-0669)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n  dpdk                            21.11.1-0ubuntu0.3\n\nUbuntu 21.10:\n  dpdk                            20.11.5-0ubuntu1\n\nUbuntu 20.04 LTS:\n  dpdk                            19.11.12-0ubuntu0.20.04.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openvswitch2.15 security update\nAdvisory ID:       RHSA-2022:4787-01\nProduct:           Fast Datapath\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:4787\nIssue date:        2022-05-27\nCVE Names:         CVE-2021-3839 CVE-2022-0669 \n=====================================================================\n\n1. Summary:\n\nAn update for openvswitch2.15 is now available in Fast Datapath for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nFast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nSecurity Fix(es):\n\n* openvswitch2.15: DPDK: Out-of-bounds read/write in\nvhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)\n\n* openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could\nlead to DoS (CVE-2022-0669)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.15 are advised to upgrade to these updated packages,\nwhich fix these bugs. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash\n2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS\n2070343 - Failed to read database with dns hostname address\n2080271 - [22.D RHEL-8] Fast Datapath Release\n\n6. Package List:\n\nFast Datapath for Red Hat Enterprise Linux 8:\n\nSource:\nopenvswitch2.15-2.15.0-99.el8fdp.src.rpm\n\naarch64:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm\n\nnoarch:\nopenvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm\n\nppc64le:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm\n\ns390x:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm\n\nx86_64:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3839\nhttps://access.redhat.com/security/cve/CVE-2022-0669\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u\n9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/\nrhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF\nG76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm\nH9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl\nsA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC\n34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g\nlqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy\nBs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft\n2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS\nGOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L\n5WnVACaEc60=\n=WSAK\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "VULHUB",
        "id": "VHN-415255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0669"
      },
      {
        "db": "PACKETSTORM",
        "id": "169321"
      },
      {
        "db": "PACKETSTORM",
        "id": "167299"
      },
      {
        "db": "PACKETSTORM",
        "id": "166960"
      },
      {
        "db": "PACKETSTORM",
        "id": "167294"
      },
      {
        "db": "PACKETSTORM",
        "id": "167298"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-0669",
        "trust": 3.9
      },
      {
        "db": "PACKETSTORM",
        "id": "166960",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167299",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.3284",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2695",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022052515",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022053026",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "167294",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "167298",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-415255",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0669",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169321",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "PACKETSTORM",
        "id": "169321"
      },
      {
        "db": "PACKETSTORM",
        "id": "167299"
      },
      {
        "db": "PACKETSTORM",
        "id": "166960"
      },
      {
        "db": "PACKETSTORM",
        "id": "167294"
      },
      {
        "db": "PACKETSTORM",
        "id": "167298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "id": "VAR-202204-2114",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415255"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T12:19:27.380000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DPDK Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194046"
      },
      {
        "title": "Debian CVElist Bug Report Logs: dpdk: CVE-2021-3839 and CVE-2022-0669",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b8bc18397e85f273082ea70c4090f82d"
      },
      {
        "title": "Ubuntu Security Notice: USN-5401-1: DPDK vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5401-1"
      },
      {
        "title": "Debian Security Advisories: DSA-5130-1 dpdk -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c1652914039a5559306521c55fe28d7e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-0669"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://access.redhat.com/security/cve/cve-2022-0669"
      },
      {
        "trust": 2.5,
        "url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
      },
      {
        "trust": 2.5,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
      },
      {
        "trust": 2.5,
        "url": "https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
      },
      {
        "trust": 2.5,
        "url": "https://security-tracker.debian.org/tracker/cve-2022-0669"
      },
      {
        "trust": 1.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0669"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022052515"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-0669/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167299/red-hat-security-advisory-2022-4786-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.3284"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/166960/ubuntu-security-notice-usn-5401-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/dpdk-overload-via-inflight-type-messages-38252"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022053026"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2695"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3839"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3839"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-5401-1"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010641"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/2022/dsa-5130"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/dpdk"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:4786"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dpdk/21.11.1-0ubuntu0.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dpdk/20.11.5-0ubuntu1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/dpdk/19.11.12-0ubuntu0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:4787"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2022:4788"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-415255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "PACKETSTORM",
        "id": "169321"
      },
      {
        "db": "PACKETSTORM",
        "id": "167299"
      },
      {
        "db": "PACKETSTORM",
        "id": "166960"
      },
      {
        "db": "PACKETSTORM",
        "id": "167294"
      },
      {
        "db": "PACKETSTORM",
        "id": "167298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-415255"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-0669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "db": "PACKETSTORM",
        "id": "169321"
      },
      {
        "db": "PACKETSTORM",
        "id": "167299"
      },
      {
        "db": "PACKETSTORM",
        "id": "166960"
      },
      {
        "db": "PACKETSTORM",
        "id": "167294"
      },
      {
        "db": "PACKETSTORM",
        "id": "167298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415255"
      },
      {
        "date": "2023-09-29T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "date": "2022-05-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169321"
      },
      {
        "date": "2022-05-30T14:06:20",
        "db": "PACKETSTORM",
        "id": "167299"
      },
      {
        "date": "2022-05-04T21:43:23",
        "db": "PACKETSTORM",
        "id": "166960"
      },
      {
        "date": "2022-05-30T13:56:31",
        "db": "PACKETSTORM",
        "id": "167294"
      },
      {
        "date": "2022-05-30T14:05:41",
        "db": "PACKETSTORM",
        "id": "167298"
      },
      {
        "date": "2022-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      },
      {
        "date": "2022-08-29T15:15:09.750000",
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-415255"
      },
      {
        "date": "2023-09-29T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      },
      {
        "date": "2022-09-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      },
      {
        "date": "2022-09-01T20:35:47.027000",
        "db": "NVD",
        "id": "CVE-2022-0669"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DPDK\u00a0 of \u00a0data\u00a0plane\u00a0development\u00a0kit\u00a0 Vulnerabilities in Products from Other Vendors",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-016014"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202204-4638"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-0669 (GCVE-0-2022-0669)

VAR-202204-2114

dpdk vulnerabilities

Tags

Sightings

Nomenclature