[dpdk-dev] [dpdk-stable] [v18.11 PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM

Kevin Traynor ktraynor at redhat.com
Tue Nov 12 16:29:18 CET 2019

Previous message: [dpdk-dev] [dpdk-stable] [v18.11 PATCH v2 2/2] vhost: fix possible denial of service by leaking FDs
Next message: [dpdk-dev] [master PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/11/2019 15:19, Maxime Coquelin wrote:
> vhost_user_set_vring_num() performs multiple allocations
> without checking whether data were previously allocated.
> 
> It may cause a denial of service because of the memory leaks
> that happen if a malicious vhost-user master keeps sending
> VHOST_USER_SET_VRING_NUM request until the slave runs out
> of memory.
> 
> This issue has been assigned CVE-2019-14818
> 
> Reported-by: Jason Wang <jasowang at redhat.com>
> Signed-off-by: Maxime Coquelin <maxime.coquelin at redhat.com>
> ---

Applied, thanks.

Previous message: [dpdk-dev] [dpdk-stable] [v18.11 PATCH v2 2/2] vhost: fix possible denial of service by leaking FDs
Next message: [dpdk-dev] [master PATCH v2 1/2] vhost: fix possible denial of service on SET_VRING_NUM
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list