Skip to main content

Data Plane Development Kit CVE-2022-28199

MEDIUM
Improper Validation of Specified Quantity in Input (CWE-1284)
2022-09-01 psirt@nvidia.com
6.5
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (nvidia) · only source for this CVE.

CVSS VectorVendor: nvidia

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 01, 2022 - 17:15 cve.org
MEDIUM 6.5

DescriptionCVE.org

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

AnalysisAI

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1284. NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. Affected products include: Nvidia Data Plane Development Kit.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-2132 HIGH POC
8.6 Aug 31

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote

CVE-2020-14374 HIGH
8.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2020-14376 HIGH
7.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Cop

CVE-2020-14375 HIGH
7.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

CVE-2020-10725 HIGH
7.7 May 20

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhos

CVE-2019-14818 HIGH
7.5 Nov 14

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x bef

CVE-2020-14377 HIGH
7.1 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerabil

CVE-2020-10723 MEDIUM
6.7 May 19

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerabili

CVE-2020-10722 MEDIUM
6.7 May 19

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low

CVE-2022-0669 MEDIUM
6.5 Aug 29

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontroll

CVE-2018-1059 MEDIUM
6.1 Apr 24

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contigu

CVE-2020-10726 MEDIUM
4.4 May 20

A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low

Share

CVE-2022-28199 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy