Vulnerability Details CVE-2019-9547
In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
Products affected by CVE-2019-9547
-
cpe:2.3:a:spdk:storage_performance_development_kit:1.0.0
-
cpe:2.3:a:spdk:storage_performance_development_kit:1.2.0
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.06
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.08
-
cpe:2.3:a:spdk:storage_performance_development_kit:16.12
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.03
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:17.10.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.01
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.01.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.04
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.04.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.07
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.07.1
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.10
-
cpe:2.3:a:spdk:storage_performance_development_kit:18.10.1