CVE-2021-3839 - OpenCVE

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux Enterprise Linux Fast Datapath
Dpdk	Data Plane Development Kit

Configuration 1 [-]

OR	cpe:2.3:a:dpdk:data_plane_development_kit::::::::
	cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1::::::
	cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2::::::
	cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:::::::*
	cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:::::::*

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-3839	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025882	Issue Tracking Patch Third Party Advisory
https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-23T15:52:42

Updated: 2022-08-23T15:52:42

Reserved: 2021-09-29T00:00:00

Link: CVE-2021-3839

JSON object: View

NVD Information

Status : Modified

Published: 2022-08-23T16:15:10.087

Modified: 2023-11-07T03:38:17.280

Link: CVE-2021-3839

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "dpdk", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in dpdk v22.03"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-23T15:52:42", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-3839"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3839", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "dpdk", "version": {"version_data": [{"version_value": "Fixed in dpdk v22.03"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"}, {"name": "https://access.redhat.com/security/cve/CVE-2021-3839", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/CVE-2021-3839"}, {"name": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5", "refsource": "MISC", "url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3839", "datePublished": "2022-08-23T15:52:42", "dateReserved": "2021-09-29T00:00:00", "dateUpdated": "2022-08-23T15:52:42", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0B4C63-3F60-4058-AF0C-F5AEE921CB01", "versionEndExcluding": "22.03", "vulnerable": true}, {"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*", "matchCriteriaId": "CB0AB20E-A20A-4087-B944-6A1B6E7E936B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*", "matchCriteriaId": "4A0E6108-A040-4749-85A6-C1DA127F482A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*", "matchCriteriaId": "844676DA-EA6F-4DA7-8248-6AD0139CC919", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."}, {"lang": "es", "value": "Se ha encontrado un fallo en la biblioteca vhost de DPDK. La funci\u00f3n vhost_user_set_inflight_fd() no comprueba \"msg-)payload.inflight.num_queues\", causando posiblemente una lectura/escritura de memoria fuera de l\u00edmites. Cualquier software usando la biblioteca DPDK vhost puede fallar como resultado de esta vulnerabilidad."}], "id": "CVE-2021-3839", "lastModified": "2023-11-07T03:38:17.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-23T16:15:10.087", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-3839"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "secalert@redhat.com", "type": "Secondary"}]}