CVE-2019-9547

EUVD-2019-18919
In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
Affected Products (NVD)
VendorProductVersion
spdkstorage_performance_development_kit
𝑥
< 19.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143
https://github.com/spdk/spdk/releases/tag/v19.01
https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143
https://github.com/spdk/spdk/releases/tag/v19.01