A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOSTUSERGETINFLIGHTFD / VHOSTUSERSETINFLIGHTFD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0669.json",
"cna_assigner": "redhat",
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
},
{
"last_affected": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
],
"cwe_ids": [
"CWE-400"
]
}{
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "20.02"
},
{
"fixed": "22.03"
},
{
"introduced": "19.11"
},
{
"last_affected": "19.11"
},
{
"introduced": "19.11-rc1"
},
{
"last_affected": "19.11-rc1"
},
{
"introduced": "19.11-rc2"
},
{
"last_affected": "19.11-rc2"
},
{
"introduced": "19.11-rc3"
},
{
"last_affected": "19.11-rc3"
},
{
"introduced": "19.11-rc4"
},
{
"last_affected": "19.11-rc4"
},
{
"introduced": "22.03-rc1"
},
{
"last_affected": "22.03-rc1"
},
{
"introduced": "22.03-rc2"
},
{
"last_affected": "22.03-rc2"
},
{
"introduced": "22.03-rc3"
},
{
"last_affected": "22.03-rc3"
}
],
"cpe": [
"cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*",
"cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*"
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0669.json"
"2026-07-15T00:26:34Z"
[
{
"source": "https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
"digest": {
"length": 2695.0,
"function_hash": "200223244212454310946426545990164687955"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-0669-46915754",
"target": {
"function": "vhost_user_get_inflight_fd",
"file": "lib/vhost/vhost_user.c"
},
"signature_type": "Function"
},
{
"source": "https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
"digest": {
"threshold": 0.9,
"line_hashes": [
"223818872768659713837531296929638434056",
"116344875714567526600993095709210440032",
"65632164188427022346067638745330342493",
"86925578931592434140037146067078323283",
"177619426305843807217480219997070703598",
"329277146593023733927617528617310912643"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-0669-7cd925aa",
"target": {
"file": "lib/vhost/vhost_user.c"
},
"signature_type": "Line"
},
{
"source": "https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
"digest": {
"length": 2619.0,
"function_hash": "134267928438538481519605856791737735835"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2022-0669-d41ea11d",
"target": {
"function": "vhost_user_set_inflight_fd",
"file": "lib/vhost/vhost_user.c"
},
"signature_type": "Function"
}
]
{
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "2.13.0"
},
{
"last_affected": "2.13.0"
},
{
"introduced": "2.15.0"
},
{
"last_affected": "2.15.0"
}
],
"cpe": [
"cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*",
"cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*"
]
}