Home » Database

AVID-2026-R1010

Description

Vulnerability CVE-2022-28199

Details

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Reason for inclusion in AVID: CVE-2022-28199 describes a vulnerability in NVIDIA’s Data Plane Development Kit (MLNX_DPDK) network stack that can cause remote denial of service and impact data integrity/confidentiality. MLNX_DPDK is a software component used in AI infrastructure (e.g., NVIDIA FLARE) and other AI deployments for packet processing, making this a software supply-chain issue relevant to AI systems. The vulnerability is CVE-listed with explicit impact and references, satisfying the security/vulnerability criteria. Evidence is provided in the CVE entry and references.

References

Affected or Relevant Artifacts

  • Developer: NVIDIA
  • Deployer: NVIDIA
  • Artifact Details:
TypeName
SystemNVIDIA FLARE

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score6.5
Base Severity🟠 Medium
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges Required🟢 Low
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability Impact🔴 High

CWE

IDDescription
CWE-1284CWE-1284: Improper Validation of Specified Quantity in Input

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2022-09-01
  • Version: 0.3.3
  • AVID Entry