CVE-2022-2132
CVE-2022-2132 is a high-severity vulnerability in Redhat Enterprise Linux Fast Datapath with a CVSS 3.x base score of 8.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-791.
Key facts
- Severity: High (CVSS 3.x base score 8.6)
- EPSS exploit prediction: 2% (75th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-791
- Affected product: Redhat Enterprise Linux Fast Datapath
- Published:
- Last modified:
Description
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
Frequently asked questions
- What is CVE-2022-2132?
- A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- How severe is CVE-2022-2132?
- CVE-2022-2132 has a CVSS 3.x base score of 8.6, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2022-2132 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (75th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2022-2132?
- CVE-2022-2132 primarily affects Redhat Enterprise Linux Fast Datapath. In total, 12 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2022-2132?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2022-2132 published?
- CVE-2022-2132 was published on 2022-08-31 and last updated on 2026-06-17.
References
- https://bugs.dpdk.org/show_bug.cgi?id=1031
- https://bugzilla.redhat.com/show_bug.cgi?id=2099475
- https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html
Affected products (12)
- cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_linux_fast_datapath:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
More vulnerabilities in Redhat Enterprise Linux Fast Datapath
- CVE-2021-3905 — High (CVSS 7.5): A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this…
- CVE-2021-3839 — High (CVSS 7.5): A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate…
- CVE-2019-14818 — High (CVSS 7.5): A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x…
- CVE-2018-1059 — Medium (CVSS 6.1): The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and…
All CVEs affecting Redhat Enterprise Linux Fast Datapath →
Other CWE-791 vulnerabilities
- CVE-2025-0324 — Critical (CVSS 9.4): The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to…
- CVE-2024-47590 — High (CVSS 8.8): An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated…
- CVE-2026-44232 — High (CVSS 8.7): DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.0.3,…
- CVE-2024-45481 — High (CVSS 8.5): An Incomplete Filtering of Special Elements vulnerability in scripts using the SSH server on B&R APROL <4.4-00P5 may…
- CVE-2026-11998 — High (CVSS 7.6): A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and…
- CVE-2025-6761 — High (CVSS 7.3): A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as…