CVE-2019-9547

MEDIUM

SPDK <19.01 - DoS

Title source: llm

Description

In Storage Performance Development Kit (SPDK) before 19.01, a malicious vhost client (i.e., virtual machine) could carefully construct a circular descriptor chain that would result in a partial denial of service in the SPDK vhost target, because the vhost target did not properly detect such chains.

References (2)

[Third Party Advisory] https://github.com/spdk/spdk/releases/tag/v19.01

[Third Party Advisory] https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0031

EPSS Percentile 53.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-834

Status published

Products (1)

spdk/storage_performance_development_kit < 19.01

Published Mar 01, 2019

Tracked Since Feb 18, 2026