{"id":"CVE-2022-0669","details":"A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.","modified":"2026-02-19T01:55:05.670866Z","published":"2022-08-29T15:15:09.750Z","related":["SUSE-SU-2022:1892-1","SUSE-SU-2022:2273-1","openSUSE-SU-2024:12039-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-0669"},{"type":"ADVISORY","url":"https://bugs.dpdk.org/show_bug.cgi?id=922"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055793"},{"type":"ADVISORY","url":"https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2022-0669"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055793"},{"type":"FIX","url":"https://bugs.dpdk.org/show_bug.cgi?id=922"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2055793"},{"type":"FIX","url":"https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"},{"type":"FIX","url":"https://security-tracker.debian.org/tracker/CVE-2022-0669"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dpdk/dpdk","events":[{"introduced":"0"},{"fixed":"af74f7db384ed149fe42b21dbd7975f8a54ef227"},{"introduced":"d7142fbae16f185e11bfa44be061399afc40a1be"},{"fixed":"af74f7db384ed149fe42b21dbd7975f8a54ef227"}]}],"versions":["v20.02","v20.05","v20.05-rc1","v20.05-rc2","v20.05-rc3","v20.05-rc4","v20.08","v20.08-rc1","v20.08-rc2","v20.08-rc3","v20.08-rc4","v20.11","v20.11-rc1","v20.11-rc2","v20.11-rc3","v20.11-rc4","v20.11-rc5","v21.02","v21.02-rc1","v21.02-rc2","v21.02-rc3","v21.02-rc4","v21.05","v21.05-rc1","v21.05-rc2","v21.05-rc3","v21.05-rc4","v21.08","v21.08-rc1","v21.08-rc2","v21.08-rc3","v21.08-rc4","v21.11","v21.11-rc1","v21.11-rc2","v21.11-rc3","v21.11-rc4","v22.03-rc1","v22.03-rc2","v22.03-rc3"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"vhost_user_get_inflight_fd","file":"lib/vhost/vhost_user.c"},"source":"https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227","id":"CVE-2022-0669-46915754","signature_type":"Function","digest":{"function_hash":"200223244212454310946426545990164687955","length":2695}},{"signature_version":"v1","deprecated":false,"target":{"file":"lib/vhost/vhost_user.c"},"source":"https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227","id":"CVE-2022-0669-7cd925aa","signature_type":"Line","digest":{"line_hashes":["223818872768659713837531296929638434056","116344875714567526600993095709210440032","65632164188427022346067638745330342493","86925578931592434140037146067078323283","177619426305843807217480219997070703598","329277146593023733927617528617310912643"],"threshold":0.9}},{"signature_version":"v1","deprecated":false,"target":{"function":"vhost_user_set_inflight_fd","file":"lib/vhost/vhost_user.c"},"source":"https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227","id":"CVE-2022-0669-d41ea11d","signature_type":"Function","digest":{"function_hash":"134267928438538481519605856791737735835","length":2619}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0669.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}