CVE-2022-2132
First published: Tue Jun 21 2022(Updated: )
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/dpdk | <21.11 | 21.11 |
| redhat/dpdk | <20.11 | 20.11 |
| redhat/dpdk | <19.11 | 19.11 |
| redhat/openvswitch2.11 | <0:2.11.3-96.2.el7fd | 0:2.11.3-96.2.el7fd |
| redhat/openvswitch2.16 | <0:2.16.0-89.2.el8fd | 0:2.16.0-89.2.el8fd |
| redhat/openvswitch2.17 | <0:2.17.0-37.3.el8fd | 0:2.17.0-37.3.el8fd |
| redhat/openvswitch2.13 | <0:2.13.0-193.2.el8fd | 0:2.13.0-193.2.el8fd |
| redhat/openvswitch2.15 | <0:2.15.0-113.2.el8fd | 0:2.15.0-113.2.el8fd |
| redhat/openvswitch2.17 | <0:2.17.0-32.3.el9fd | 0:2.17.0-32.3.el9fd |
| redhat/dpdk | <0:18.11.8-2.el7_9 | 0:18.11.8-2.el7_9 |
| redhat/dpdk | <0:21.11-2.el8_7 | 0:21.11-2.el8_7 |
| redhat/dpdk | <0:18.11.2-5.el8_1 | 0:18.11.2-5.el8_1 |
| redhat/dpdk | <0:19.11-6.el8_2 | 0:19.11-6.el8_2 |
| redhat/dpdk | <0:20.11-4.el8_4 | 0:20.11-4.el8_4 |
| redhat/dpdk | <0:21.11-2.el8_6 | 0:21.11-2.el8_6 |
| redhat/dpdk | <2:21.11.2-1.el9_1 | 2:21.11.2-1.el9_1 |
| redhat/dpdk | <2:21.11-2.el9_0 | 2:21.11-2.el9_0 |
| Dpdk Data Plane Development Kit | <19.11 | |
| Dpdk Data Plane Development Kit | >=20.0<20.11 | |
| Dpdk Data Plane Development Kit | >=21.0<21.11 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =10.0 | |
| Redhat Enterprise Linux Fast Datapath | =7.0 | |
| Redhat Enterprise Linux Fast Datapath | =8.0 | |
| Redhat Enterprise Linux Fast Datapath | =9.0 | |
| Redhat Openshift Container Platform | =4.0 | |
| Redhat Openstack Platform | =13.0 | |
| Redhat Virtualization | =4.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.dpdk.org/show_bug.cgi?id=1031
- https://bugzilla.redhat.com/show_bug.cgi?id=2099475
- https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2122335
- https://beaker.engineering.redhat.com/jobs/6962774
- https://docs.google.com/spreadsheets/d/1EUbENq1LQsaUTcQLTQZCmmIrDvYMeDXgl1vEqjoF5kM/edit?usp=sharing
- https://access.redhat.com/errata/RHSA-2022:6386
- https://access.redhat.com/errata/RHSA-2022:6385
- https://access.redhat.com/errata/RHSA-2022:6384
- https://access.redhat.com/errata/RHSA-2022:6383
- https://access.redhat.com/errata/RHSA-2022:6382
- https://access.redhat.com/errata/RHSA-2022:6551
- https://access.redhat.com/errata/RHSA-2022:6850
- https://access.redhat.com/errata/RHSA-2022:7268
- https://access.redhat.com/errata/RHSA-2022:8263
- https://access.redhat.com/security/cve/cve-2022-2132
- https://access.redhat.com/errata/RHSA-2023:0167
- https://access.redhat.com/errata/RHSA-2023:0168
- https://access.redhat.com/errata/RHSA-2023:0166
- https://access.redhat.com/errata/RHSA-2023:0172
- https://access.redhat.com/errata/RHSA-2023:0169
- https://access.redhat.com/errata/RHSA-2023:0170
- https://access.redhat.com/errata/RHSA-2023:0171
- https://www.cve.org/CVERecord?id=CVE-2022-2132 https://nvd.nist.gov/vuln/detail/CVE-2022-2132 https://bugs.dpdk.org/show_bug.cgi?id=1031
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-2132.
What is the severity of CVE-2022-2132?
The severity of CVE-2022-2132 is high with a CVSS score of 8.6.
What is the affected software for CVE-2022-2132?
The affected software for CVE-2022-2132 includes DPDK versions up to 21.11, openvswitch2.11 up to 2.17, and various Redhat Linux distributions.
How can I fix CVE-2022-2132?
To fix CVE-2022-2132, update DPDK to version 21.11 or apply the recommended patches for your specific software or distribution.
Where can I find more information on CVE-2022-2132?
You can find more information on CVE-2022-2132 in the provided references.
- collector/redhat-cve
- collector/nvd-index
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-2132
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- vendor/dpdk
- canonical/dpdk data plane development kit
- version/dpdk data plane development kit/20.0
- version/dpdk data plane development kit/21.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/redhat
- canonical/redhat enterprise linux fast datapath
- version/redhat enterprise linux fast datapath/7.0
- version/redhat enterprise linux fast datapath/8.0
- version/redhat enterprise linux fast datapath/9.0
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0
- canonical/redhat openstack platform
- version/redhat openstack platform/13.0
- canonical/redhat virtualization
- version/redhat virtualization/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0