Lucene search
K

60 matches found

RedHat Linux
RedHat Linux
added 2022/05/27 7:3 p.m.5 views

dpdk: sending vhost-user-inflight type messages could lead to DoS

A flaw was found in dpdk, which allows a malicious primary vhost-user to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the secondary vhost-user. By sending such messages continuously, the primary vhost-user...

6.5CVSS5.7AI score0.00283EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/05/27 7:3 p.m.5 views

DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash

A flaw was found in the vhost library in DPDK. Function vhostusersetinflightfd does not validate msg-payload.inflight.numqueues, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability...

7.5CVSS7.1AI score0.01259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/01/20 12:0 a.m.4 views

PT-2022-7553 · Dpdk +4 · Dpdk +4

Name of the Vulnerable Software and Affected Versions: DPDK affected versions not specified Description: The issue is related to an uncontrolled resource consumption in the DPDK library and driver set, which can lead to a denial of service. A malicious vhost-user master can attach an unexpected...

7.5CVSS6.6AI score0.01259EPSS
Exploits0References39
OpenVAS
OpenVAS
added 2021/03/05 12:0 a.m.36 views

Fedora: Security Advisory for dpdk (FEDORA-2021-fba11d37ee)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.9AI score
Exploits0References2
AlmaLinux
AlmaLinux
added 2020/11/03 12:37 p.m.76 views

Important: dpdk security, bug fix, and enhancement update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. The following packages have been upgraded to a later upstream version: dpdk 19.11.3. BZ1824905 Security Fixes: dpdk: librtevhost Malicious guest could...

4.6CVSS2.4AI score0.02213EPSS
Exploits0References4
OSV
OSV
added 2020/09/30 7:15 p.m.4 views

DEBIAN-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validate...

7.8CVSS7.2AI score0.0025EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/09/30 2:53 p.m.4 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS7.1AI score0.00378EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2020/08/14 12:0 a.m.6 views

The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the vhostusersetlogbase function in libraries and drivers for fast packet processing in DPDK lies in a potential integer overflow. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service failures...

7.2CVSS7AI score0.00378EPSS
Exploits0References9Affected Software6
RedHat Linux
RedHat Linux
added 2020/05/26 3:15 p.m.7 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS7.1AI score0.00378EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/05/26 2:33 p.m.3 views

dpdk: librte_vhost Missing inputs validation in Vhost-crypto

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...

5.1CVSS7.2AI score0.00353EPSS
Exploits0References6
OSV
OSV
added 2020/05/20 2:15 p.m.2 views

DEBIAN-CVE-2020-10726

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOSTUSERGETINFLIGHTFD messages, causing a resource leak file descriptors and virtual memory, which may result in a denial of service...

4.4CVSS6.1AI score0.00473EPSS
Exploits0References1
OSV
OSV
added 2020/05/19 7:15 p.m.4 views

DEBIAN-CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...

4.4CVSS6.2AI score0.00353EPSS
Exploits0References1
OSV
OSV
added 2020/05/19 7:15 p.m.3 views

DEBIAN-CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index a UInt is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS7.2AI score0.00378EPSS
Exploits0References1
OSV
OSV
added 2020/05/18 3:0 p.m.4 views

UBUNTU-CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

7.7CVSS7AI score0.02213EPSS
Exploits0References3
OSV
OSV
added 2020/05/18 3:0 p.m.2 views

UBUNTU-CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read...

5.1CVSS6.3AI score0.00353EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/04/28 3:39 p.m.5 views

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

7.5CVSS7.1AI score0.02815EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/01/22 4:4 a.m.7 views

dpdk: possible memory leak leads to denial of service

A flaw was found in dpdk where a malicious master, or a container with access to vhostuser socket, can send specially crafted VRINGSETNUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition...

7.5CVSS7.1AI score0.02815EPSS
Exploits0References5
CNVD
CNVD
added 2019/11/28 12:0 a.m.2 views

Weak Password Vulnerability in Tianrongxin NGFW® Next-Generation Firewall

NGFW®, the next-generation firewall of TIANRONGXIN, adopts its own patented operating system NGTOS and security engine, utilizes the advanced Intel® Xeon® processor family and integrates the packet processing framework provided by Intel® Data Plane Development Kit to provide network processing...

6.8AI score
Exploits0
CNVD
CNVD
added 2018/04/26 12:0 a.m.45 views

DPDK Memory Disclosure Vulnerability

DPDK is a set of open source drivers for fast packet processing. A security vulnerability exists in the vhost-user interface in versions of DPDK prior to 18.02.1. An attacker can exploit this vulnerability to disclose vhost-user backend process memory...

6.1CVSS6.6AI score0.00878EPSS
Exploits0References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/09/27 1:0 p.m.10 views

Helping Mobile Operators Keep Customers Safe with Virtualized Network Security

At Trend Micro we’re always looking for innovative new ways to support our customers and help overcome their cybersecurity challenges. Mobile network operators MNOs are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy and operate...

6.8AI score
Exploits0
Rows per page
Query Builder