In function vhost_user_set_inflight_fd() which is in DPDK Vhost library, msg->payload.inflight.num_queues doesn't get checked to determine if it's out of bounds. So it could cause the program to write/read out of boundary. And in the end the software using DPDK Vhost library may crash.
Upstream commit: https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5
Created dpdk tracking bugs for this issue: Affects: fedora-all [bug 2081486]
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:4786 https://access.redhat.com/errata/RHSA-2022:4786
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:4787 https://access.redhat.com/errata/RHSA-2022:4787
This issue has been addressed in the following products: Fast Datapath for Red Hat Enterprise Linux 8 Via RHSA-2022:4788 https://access.redhat.com/errata/RHSA-2022:4788
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3839
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:8263 https://access.redhat.com/errata/RHSA-2022:8263