Your submission was sent successfully! Close

CVE-2022-0669

Published: 29 April 2022

It’s an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.

Priority

Medium

Status

Package Release Status
dpdk
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (19.11.12-0ubuntu0.20.04.1)
impish
Released (20.11.5-0ubuntu1)
jammy
Released (21.11.1-0ubuntu0.3)
upstream Needs triage

xenial Not vulnerable
(code not present)