A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2025882 | Issue Tracking Patch Third Party Advisory |
https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 | Patch Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2021-3839 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2022-08-23 09:15
Updated : 2022-08-26 12:24
NVD link : CVE-2021-3839
Mitre link : CVE-2021-3839
JSON object : View
Products Affected
redhat
- enterprise_linux
- enterprise_linux_fast_datapath
dpdk
- data_plane_development_kit
fedoraproject
- fedora