Red Hat Enterprise Linux Fast Datapath
By the Year
In 2022 there have been 3 vulnerabilities in Red Hat Enterprise Linux Fast Datapath with an average score of 7.9 out of ten. Enterprise Linux Fast Datapath did not have any published security vulnerabilities last year. That is, 3 more vulnerabilities have already been reported in 2022 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 3 | 7.87 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 7.50 |
| 2018 | 1 | 6.10 |
It may take a day or so for new Enterprise Linux Fast Datapath vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Linux Fast Datapath Security Vulnerabilities
A permissive list of allowed inputs flaw was found in DPDK
CVE-2022-2132
8.6 - High
- August 31, 2022
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
A flaw was found in the vhost library in DPDK
CVE-2021-3839
7.5 - High
- August 23, 2022
A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.
Out-of-bounds Read
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing
CVE-2021-3905
7.5 - High
- August 23, 2022
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
Memory Leak
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket
CVE-2019-14818
7.5 - High
- November 14, 2019
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Memory Leak
The DPDK vhost-user interface does not check to verify
CVE-2018-1059
6.1 - Medium
- April 24, 2018
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux (RHEL) or by Red Hat? Click the Watch button to subscribe.
