← back
CVE-2022-28199

CVE-2022-28199

CVSS 6.5 MEDIUMEPSS 1.8%CWE-1284
In short

NVIDIA's DPDK network software has a flaw in how it handles errors during network operations, allowing an attacker to crash the service or potentially access/corrupt data sent over the network.

Technical detail

The vulnerability exists in NVIDIA MLNX_DPDK's network stack error recovery mechanism (CWE-1284: Improper Validation of Specified Type of Input). A remote attacker can exploit improper error handling to trigger denial of service conditions and achieve limited impact to data integrity and confidentiality through specially crafted network packets.

Summary generated and translated by AI from the official description.
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
NVIDIA · NVIDIA FLARE

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://nvidia.custhelp.com/app/answers/detail/a_id/5389https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mlx5-jbPCrqD8http://www.openwall.com/lists/oss-security/2022/09/06/2