Vulnerability Details CVE-2019-9547
In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2019-9547
-
cpe:2.3:a:spdk:storage_performance_development_kit:1.0.0
-
cpe:2.3:a:spdk:storage_performance_development_kit:1.2.0
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.06
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.08
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.12
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.03
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.10.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.01
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.01.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.04
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.04.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.10.1