FreeBSD -- Arbitrary file overwrite via the KTLS receive path

Problem Description: The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous...

EUVD-2019-15186

Malware in sbrugna...

CVE-2023-6660 NFS client data corruption and kernel memory disclosure

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

Important: Red Hat Security Advisory: dpdk security update

An update for dpdk is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Important: dpdk security update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 For more details about the security...

RLSA-2022:8263 Important: dpdk security and bug fix update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

dpdk security and bug fix update

An update is available for dpdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dpdk packages provide the Data Plane Development Kit, which is a set of...

Important: dpdk security and bug fix update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fixes: dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs CVE-2022-2132 DPDK: out-of-bounds read/write in...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

SUSE-SU-2022:3430-1 Security update for dpdk

This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs bsc1202903...

SUSE-SU-2022:3381-1 Security update for dpdk

This update for dpdk fixes the following issues: - CVE-2022-2132: Fixed DoS when a vhost header crosses more than two descriptors and exhausts all mbufs bsc1202903...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

CVE-2019-5611

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguou...

CVE-2019-5611

Removed by vendor...

CVE-2019-0010 Junos OS: SRX Series: Crafted HTTP traffic may cause UTM to consume all mbufs, leading to Denial of Service

An SRX Series Service Gateway configured for Unified Threat Management UTM may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which...