3 matches found
CVE-2021-28361
CVE-2021-28361 affects Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is sent to the iSCSI target with zero length (but data is expected), the iSCSI target can crash due to a NULL pointer dereference, impacting availability (CVSS v3.1: High). The issue is tied to SPDK’s iSCS...
CVE-2019-14940
CVE-2019-14940 affects SPDK prior to 19.07, where a user of a vhost can cause a crash by sending invalid input to the target. The root cause is an input validation issue in SPDK’s vhost handling, leading to an availability impact (crash) with network-accessible exposure implied by the CVSS data. ...
CVE-2019-9547
CVE-2019-9547 affects Storage Performance Development Kit (SPDK) prior to 19.01. A malicious vhost client (e.g., a VM) could craft a circular descriptor chain that the vhost target fails to detect, leading to a partial denial of service in the SPDK vhost target. The underlying issue is insufficie...