CVE-2022-28199 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvidia	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 59%

Vendor	Product	Version
nvidia	data_plane_development_kit	19.11_1.0.0 ≤ 𝑥 < 20.11_5.0.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

dpdk

bullseye	20.11.10-1~deb11u1 fixed
buster	not-affected
bullseye (security)	20.11.6-1~deb11u1 fixed
bookworm	22.11.5-1~deb12u1 fixed
sid	23.11.2-2 fixed
trixie	23.11.2-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

dpdk

kinetic	Fixed 21.11.2-0ubuntu1 released
jammy	Fixed 21.11.2-0ubuntu0.22.04.1 released
focal	Fixed 19.11.13-0ubuntu0.20.04.1 released
bionic	not-affected
xenial	not-affected
trusty	dne

Common Weakness Enumeration

CWE-1284 - Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://www.openwall.com/lists/oss-security/2022/09/06/2

https://nvidia.custhelp.com/app/answers/detail/a_id/5389

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8

http://www.openwall.com/lists/oss-security/2022/09/06/2

https://nvidia.custhelp.com/app/answers/detail/a_id/5389

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8