DescriptionA permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3092-1, DSA-5222-1
Debian Bugs1019589

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dpdk (PTS)buster18.11.11-1~deb10u1vulnerable
buster (security)18.11.11-1~deb10u2fixed
bullseye (security), bullseye20.11.6-1~deb11u1fixed
bookworm, sid21.11-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Notes (main) (main) (v21.11.2) (v21.11.2) (v20.11.6) (v20.11.6) (v19.11.13) (v19.11.13)

Search for package or bug name: Reporting problems