Circular Descriptor Chain Vulnerability in SPDK Vhost Target

Circular Descriptor Chain Vulnerability in SPDK Vhost Target

CVE-2019-9547 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.

Learn more about our Web Application Penetration Testing UK.