15 matches found
CVE-2020-10722
CVE-2020-10722 affects the DPDK vhost code, where a missing check for an integer overflow in vhost_user_set_log_base() could lead to a smaller memory map than requested and memory corruption. The vulnerability is present in DPDK 18.05 and later. Multiple connected advisories confirm impact and pr...
CVE-2020-10723
CVE-2020-10723 describes a memory corruption in DPDK (versions 17.05 and above) caused by an integer truncation when copying a payload index from UInt to uint16, which can lead to out-of-bounds access. Publicly reported updates fix the vulnerability in various distributions: AlmaLinux 19.11.3 onw...
CVE-2022-2132
CVE-2022-2132 is a DoS vulnerability in DPDK caused by permissive input validation, which allows a remote attacker to trigger a denial of service by sending a crafted Vhost header. The issue affects the DPDK component handling Vhost descriptors, where processing of the Vhost header can exhaust mb...
CVE-2020-10724
CVE-2020-10724 affects DPDK 18.11+ via Vhost-crypto: missing input validation can cause information leakage through an out-of-bounds memory read. Connected advisories (SUSE, EulerOS, RH) confirm the vulnerability in the vhost-crypto path and indicate fixes have been released in security updates f...
CVE-2020-10725
CVE-2020-10725 affects DPDK 19.11+ via librte_vhost/vhost-user, caused by a missing validity check of the descriptor address in virtio_dev_rx_batch_packed(), leading to a segmentation fault of the vhost-user backend and possible loss of connectivity among guests. The issue is documented across mu...
CVE-2020-10726
CVE-2020-10726 affects DPDK 19.11+ where a malicious container with access to the vhost-user socket can flood with VHOST_USER_GET_INFLIGHT_FD messages, leading to resource leaks (FDs and VM memory) and potential denial of service. Public sources in the connected documents corroborate that the vul...
CVE-2020-14378
The advisory data confirms CVE-2020-14378 affects DPDK, specifically an integer underflow in move_desc that can cause a long-running loop and CPU exhaustion. Exposures include DPDK versions before 18.11.10 and before 19.11.5, with potential impact on vhost_crypto workloads that may block VMs/netw...
CVE-2020-14377
CVE-2020-14377 is described as a flaw in dpdk prior to 18.11.10 and before 19.11.5 where attacker-controlled parameters are not validated, causing a buffer over-read whose results can be written back into guest memory. This enables a VM-based attacker to read significant host memory, impacting da...
CVE-2020-14374
CVE-2020-14374 affects DPDK prior to 18.11.10 and prior to 19.11.5. A flawed bounds check in the copy_data function enables a buffer overflow, letting a VM attacker write arbitrary data to any address in the vhost_crypto component. Impact: data confidentiality, integrity, and availability of th...
CVE-2020-14375
CVE-2020-14374 to CVE-2020-14378 affect dpdk before 18.11.10 and before 19.11.5. The issues enable memory corruption/over-reads in vhost_crypto paths and related bounds checks (copy_data, move_desc, and Virtio ring descriptors). In a VM, an attacker can read/write host memory, impacting confident...
CVE-2019-14818
The CVE-2019-14818 issue affects DPDK packages in multiple lines: 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4, and 19.x.x before 19.08.1. A malicious master or a container with access to a vhost_user socket can send crafted VRING_SET_NUM messages, causing a memory leak th...
CVE-2020-14376
CVE-2020-14376 and related CVEs (CVE-2020-14374, CVE-2020-14375, CVE-2020-14377, CVE-2020-14378) affect dpdk prior to 18.11.10 and 19.11.5. The EulerOS/NASL/OpenVAS entries confirm multiple dpdk-related issues, including: (1) a bounds-check failure when copying iv_data from guest to host memory c...
CVE-2021-3839
CVE-2021-3839 affects the DPDK vhost library: vhost_user_set_inflight_fd() does not validate msg->payload.inflight.num_queues, which can cause out-of-bounds memory read/write and may crash software using the DPDK vhost library. The connected Nessus/issuer entries (e.g., MiracleLinux, TencentOS...
CVE-2022-0669
CVE-2022-0669 describes a denial-of-service flaw in DPDK’s vhost-user handling. A malicious vhost-user master can attach an unexpected number of file descriptors as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave, exhausting fd...
CVE-2018-1059
The CVE concerns the DPDK vhost-user interface, where Guest Physical Addresses to Host Virtual Addresses translations do not verify that the requested guest physical range is fully mapped and contiguous. This can expose vhost-user backend memory to a malicious guest. The vulnerability affects all...