CVE-2022-2132

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
dpdkdata_plane_development_kit
𝑥
< 19.11
dpdkdata_plane_development_kit
20.0 ≤
𝑥
< 20.11
dpdkdata_plane_development_kit
21.0 ≤
𝑥
< 21.11
debiandebian_linux
10.0
redhatenterprise_linux_fast_datapath
7.0
redhatenterprise_linux_fast_datapath
8.0
redhatenterprise_linux_fast_datapath
9.0
redhatopenshift_container_platform
4.0
redhatopenstack_platform
13.0
redhatvirtualization
4.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dpdk
bullseye
20.11.10-1~deb11u1
fixed
bullseye (security)
20.11.6-1~deb11u1
fixed
bookworm
22.11.5-1~deb12u1
fixed
sid
23.11.2-2
fixed
trixie
23.11.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dpdk
noble
Fixed 21.11.2-0ubuntu1
released
mantic
Fixed 21.11.2-0ubuntu1
released
lunar
Fixed 21.11.2-0ubuntu1
released
kinetic
Fixed 21.11.2-0ubuntu1
released
jammy
Fixed 21.11.2-0ubuntu0.22.04.1
released
focal
Fixed 19.11.13-0ubuntu0.20.04.1
released
bionic
Fixed 17.11.10-0ubuntu0.2
released
xenial
needed
trusty
dne
Common Weakness Enumeration
References
https://bugs.dpdk.org/show_bug.cgi?id=1031
https://bugzilla.redhat.com/show_bug.cgi?id=2099475
https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html
https://bugs.dpdk.org/show_bug.cgi?id=1031
https://bugzilla.redhat.com/show_bug.cgi?id=2099475
https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html