CVE-2021-3839 - A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not valida

CVE-2021-3839

Summary

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:dpdk:data_plane_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.04:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.04:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.07:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.07:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.07.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.07.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.07.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.07.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.3:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.3:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.4:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.4:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.6:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.6:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.7:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.7:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.8:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.8:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.9:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.9:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.10:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.10:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:16.11.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.02.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.02.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.05.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.05.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.05.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.05.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.08:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.08:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.08.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.08.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.08.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.08.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.3:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.3:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.4:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.4:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.6:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.6:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.7:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.7:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.8:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.8:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.9:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:17.11.9:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.08:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.08:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.08.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.08.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.3:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.3:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.4:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.4:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.10:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.10:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.15.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:18.15.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.08:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.08:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.1:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.2:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:19.11.5:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:20.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:20.02:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:20.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:20.05:*:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.02:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.05:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.08:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:-:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:21.11:rc4:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*
cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

26-08-2022 - 19:24

Published

23-08-2022 - 16:15

Last modified

26-08-2022 - 19:24