CVE-2022-28199
01.09.2022, 17:15
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nvidia | data_plane_development_kit | 19.11_1.0.0 ≤ 𝑥 < 20.11_5.0.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| dpdk |
| ||||||||||||||||||
| dpdk-devel |
| ||||||||||||||||||
| dpdk-thunderx |
| ||||||||||||||||||
| dpdk-thunderx-devel |
| ||||||||||||||||||
| dpdk-tools |
| ||||||||||||||||||
| libdpdk-20_0 |
| ||||||||||||||||||
| libdpdk-25 |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
- CWE-1284 - Improper Validation of Specified Quantity in InputThe product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References