Out-of-Bounds Memory Read/Write Vulnerability in DPDK vhost Library

Out-of-Bounds Memory Read/Write Vulnerability in DPDK vhost Library

CVE-2021-3839 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.

Learn more about our User Device Pen Test.