3 matches found
CVE-2022-2132
CVE-2022-2132 is a DoS vulnerability in DPDK caused by a permissive input validation that allows a remote attacker to trigger a denial of service by sending a crafted Vhost header. The issue affects the DPDK component handling Vhost descriptors, where processing of the Vhost header can exhaust mb...
CVE-2021-3839
CVE-2021-3839 affects the DPDK vhost library: vhost_user_set_inflight_fd() does not validate msg->payload.inflight.num_queues, which can cause out-of-bounds memory read/write and may crash software using the DPDK vhost library. The connected Nessus/issuer entries (e.g., MiracleLinux, TencentOS...
CVE-2018-1059
The CVE concerns the DPDK vhost-user interface, where Guest Physical Addresses to Host Virtual Addresses translations do not verify that the requested guest physical range is fully mapped and contiguous. This can expose vhost-user backend memory to a malicious guest. The vulnerability affects all...