60 matches found
dpdk: sending vhost-user-inflight type messages could lead to DoS
A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user...
DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash
A flaw was found in the vhost library in DPDK. Function vhostusersetinflightfd does not validate msg-payload.inflight.numqueues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...
PT-2022-7553 · Dpdk +4 · Dpdk +4
Name of the Vulnerable Software and Affected Versions: DPDK affected versions not specified Description: The issue is related to an uncontrolled resource consumption in the DPDK library and driver set, which can lead to a denial of service. A malicious vhost-user master can attach an unexpected...
Fedora: Security Advisory for dpdk (FEDORA-2021-fba11d37ee)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Important: dpdk security, bug fix, and enhancement update
The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. The following packages have been upgraded to a later upstream version: dpdk 19.11.3. BZ1824905 Security Fixes: dpdk: librtevhost Malicious guest could...
DEBIAN-CVE-2020-14375
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the vhostusersetlogbase function in libraries and drivers for fast packet processing in DPDK lies in a potential integer overflow. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service failures...
dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
dpdk: librte_vhost Missing inputs validation in Vhost-crypto
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
DEBIAN-CVE-2020-10726
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOSTUSERGETINFLIGHTFD messages, causing a resource leak file descriptors and virtual memory, which may result in a denial of service...
DEBIAN-CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
DEBIAN-CVE-2020-10723
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...
UBUNTU-CVE-2020-10725
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...
UBUNTU-CVE-2020-10724
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...
dpdk: possible memory leak leads to denial of service
A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...
dpdk: possible memory leak leads to denial of service
A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...
Weak Password Vulnerability in Tianrongxin NGFW® Next-Generation Firewall
NGFW®, the next-generation firewall of TIANRONGXIN, adopts its own patented operating system NGTOS and security engine, utilizes the advanced Intel® Xeon® processor family and integrates the packet processing framework provided by Intel® Data Plane Development Kit to provide network processing...
DPDK Memory Disclosure Vulnerability
DPDK is a set of open source drivers for fast packet processing. A security vulnerability exists in the vhost-user interface in versions of DPDK prior to 18.02.1. An attacker can exploit this vulnerability to disclose vhost-user backend process memory...
Helping Mobile Operators Keep Customers Safe with Virtualized Network Security
At Trend Micro we’re always looking for innovative new ways to support our customers and help overcome their cybersecurity challenges. Mobile network operators MNOs are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy and operate...