Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
34 vulnerabilities by DPDK
VAR-201801-0068
Vulnerability from variot - Updated: 2023-12-18 12:50On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. The Linux kernel is the kernel used by the operating system Linux released by the American Linux Foundation. Linux kernel ixgbe driver and i40e/i40evf driver are the network card drivers; DPDK is one of the data plane development kits. Security vulnerabilities exist in several products. An attacker could exploit this vulnerability to control the throughput and latency of other virtual machines
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-0068",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dpdk",
"scope": "eq",
"trust": 1.6,
"vendor": "dpdk",
"version": null
},
{
"model": "x540",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "x710",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "kernel ixgbe",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": null
},
{
"model": "kernel i40e\\/i40evf",
"scope": "eq",
"trust": 1.0,
"vendor": "linux",
"version": null
},
{
"model": "82599",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "i350",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "82576",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "dpdk",
"scope": "lt",
"trust": 0.8,
"vendor": "dpdk",
"version": "commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0"
},
{
"model": "i40e/i40evf",
"scope": "lt",
"trust": 0.8,
"vendor": "linux",
"version": "commit e7358f54a3954df16d4f87e3cad35063f1c17de5"
},
{
"model": "ixgbe",
"scope": "lt",
"trust": 0.8,
"vendor": "linux",
"version": "commit f079fa005aae08ee0e1bc32699874ff4f02e11c1"
},
{
"model": "10g 82599 ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "82576 gigabit ethernet controller",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller i350",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller x540",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
},
{
"model": "ethernet controller x710",
"scope": null,
"trust": 0.8,
"vendor": "intel",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:x710_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:x710:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:82599_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:82599:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:x540_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:x540:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:i350_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:i350:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:intel:82576_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:intel:82576:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel_ixgbe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel_i40e\\/i40evf:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dpdk:dpdk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1142857"
}
]
},
"cve": "CVE-2015-1142857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-1142857",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-79103",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-1142857",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1142857",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-890",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-79103",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On multiple SR-IOV cars it is possible for VF\u0027s assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. The Linux kernel is the kernel used by the operating system Linux released by the American Linux Foundation. Linux kernel ixgbe driver and i40e/i40evf driver are the network card drivers; DPDK is one of the data plane development kits. Security vulnerabilities exist in several products. An attacker could exploit this vulnerability to control the throughput and latency of other virtual machines",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "VULHUB",
"id": "VHN-79103"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1142857",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-79103",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"id": "VAR-201801-0068",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-79103"
}
],
"trust": 0.6629336866666666
},
"last_update_date": "2023-12-18T12:50:56.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top PageI",
"trust": 0.8,
"url": "http://dpdk.org/"
},
{
"title": "INTEL-SA-00046",
"trust": 0.8,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00046\u0026languageid=en-fr"
},
{
"title": "SysTutorials: i40e/i40evf",
"trust": 0.8,
"url": "https://www.systutorials.com/linux-kernels/tag/i40e-i40evf/"
},
{
"title": "Various product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78042"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "NVD",
"id": "CVE-2015-1142857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-smolyar.pdf"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2015/q4/425"
},
{
"trust": 1.6,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00046\u0026languageid=en-fr"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1142857"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1142857"
},
{
"trust": 0.1,
"url": "https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00046\u0026amp;languageid=en-fr"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-79103"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-79103"
},
{
"date": "2018-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"date": "2018-01-23T14:29:00.220000",
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"date": "2018-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-15T00:00:00",
"db": "VULHUB",
"id": "VHN-79103"
},
{
"date": "2018-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-008103"
},
{
"date": "2018-02-15T17:23:40.853000",
"db": "NVD",
"id": "CVE-2015-1142857"
},
{
"date": "2018-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "From multiple vendors NIC Firmware Linux kernel ixgbe Vulnerabilities related to security functions in drivers, etc.",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-008103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-890"
}
],
"trust": 0.6
}
}
VAR-202204-2114
Vulnerability from variot - Updated: 2023-12-18 11:34A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. DPDK of data plane development kit Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state.
The oldstable distribution (buster) is not affected.
For the stable distribution (bullseye), these problems have been fixed in version 20.11.5-1~deb11u1.
We recommend that you upgrade your dpdk packages.
For the detailed security status of dpdk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dpdk
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AsACgkQEMKTtsN8 TjYeyw/9ECSTRzzVxG0vfic14yz4vbKTayFN7hGkMwIrtpAT+iNcwR/QVznY+sPB VZxnqNRprXz4cXkTHFrIdaur7QFtGE997Eim4gDt52dmtViaKYTqx/I18dGxLnUq Vz+pck34hlAJjQA2qqF4OEaZi6p6u+RltwVN1A1GKQ/EBZ2F1xz1BCpBsXgEmB5J /GXpnBGMp7vlgveiMNDbkhPO0I4aGrmcMhPY5zIKv+ujjNZozxlqRIK83dkzdyoP 0QWoRMI3e3ANNkxLuKOBUK5f3LQf/No0xivxufN36sIEUK0WjLvDFhmt3Bt4FI+P 1j1YAvcc+LSXF7o+yNeD7tN1NguPX/kNiH1MjnimyOf803Fe4sdlwIGadHagf7P4 eEA9gGxCtM4NEydTLAGFw4dqJki9S3JJtA5m9Lw3/ZjhFg8stfM2iVDD45pmROZi LlxjjfmFH0vaQFG2nh/qXENwosk3D3Sl/o7Pinl6yWM/QstlyM6aXGYQLb9edyfS BRv2R/EsaqICA2rFN0W7dDI1eED6GVLJRGY2Hl+sV+n/ezerlIi87JTZ6c3625rv 7izW/Gzns7Az5KmDIi8wjAD1bzYq0M6zRFp9kbZc1M1s5iEvXEIsQpwg9QENGcgS Yv/7+a5NtWSih4e6enBQ0FqAHBUpNjz+q+qL8U5WovpuifsmrIM= =cq6B -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-5401-1 May 04, 2022
dpdk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in DPDK.
Software Description: - dpdk: set of libraries for fast packet processing
Details:
Wenxiang Qian discovered that DPDK incorrectly checked certain payloads. An attacker could use this issue to cause DPDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-3839)
It was discovered that DPDK incorrectly handled inflight type messages. An attacker could possibly use this issue to cause DPDK to consume resources, leading to a denial of service. (CVE-2022-0669)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: dpdk 21.11.1-0ubuntu0.3
Ubuntu 21.10: dpdk 20.11.5-0ubuntu1
Ubuntu 20.04 LTS: dpdk 19.11.12-0ubuntu0.20.04.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openvswitch2.15 security update Advisory ID: RHSA-2022:4787-01 Product: Fast Datapath Advisory URL: https://access.redhat.com/errata/RHSA-2022:4787 Issue date: 2022-05-27 CVE Names: CVE-2021-3839 CVE-2022-0669 =====================================================================
- Summary:
An update for openvswitch2.15 is now available in Fast Datapath for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fix(es):
-
openvswitch2.15: DPDK: Out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)
-
openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could lead to DoS (CVE-2022-0669)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Users of openvswitch2.15 are advised to upgrade to these updated packages, which fix these bugs.
- Bugs fixed (https://bugzilla.redhat.com/):
2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash 2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS 2070343 - Failed to read database with dns hostname address 2080271 - [22.D RHEL-8] Fast Datapath Release
- Package List:
Fast Datapath for Red Hat Enterprise Linux 8:
Source: openvswitch2.15-2.15.0-99.el8fdp.src.rpm
aarch64: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm
noarch: openvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm
ppc64le: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm
s390x: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm
x86_64: network-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm openvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm python3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm python3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3839 https://access.redhat.com/security/cve/CVE-2022-0669 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u 9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/ rhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF G76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm H9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl sA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC 34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g lqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy Bs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft 2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS GOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L 5WnVACaEc60= =WSAK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202204-2114",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openshift container platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "data plane development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "dpdk",
"version": "19.11"
},
{
"model": "data plane development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "dpdk",
"version": "22.03"
},
{
"model": "openvswitch",
"scope": "eq",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.15.0"
},
{
"model": "data plane development kit",
"scope": "gte",
"trust": 1.0,
"vendor": "dpdk",
"version": "20.02"
},
{
"model": "openvswitch",
"scope": "eq",
"trust": 1.0,
"vendor": "openvswitch",
"version": "2.13.0"
},
{
"model": "data plane development kit",
"scope": "lt",
"trust": 1.0,
"vendor": "dpdk",
"version": "22.03"
},
{
"model": "red hat openshift container platform",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "data plane development kit",
"scope": null,
"trust": 0.8,
"vendor": "dpdk",
"version": null
},
{
"model": "open vswitch",
"scope": null,
"trust": 0.8,
"vendor": "open vswitch",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "NVD",
"id": "CVE-2022-0669"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:22.03:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "22.03",
"versionStartIncluding": "20.02",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dpdk:data_plane_development_kit:19.11:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openvswitch:openvswitch:2.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0669"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "167299"
},
{
"db": "PACKETSTORM",
"id": "167294"
},
{
"db": "PACKETSTORM",
"id": "167298"
}
],
"trust": 0.3
},
"cve": "CVE-2022-0669",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-0669",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-0669",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202204-4638",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. DPDK of data plane development kit Products from other vendors have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. \n\nThe oldstable distribution (buster) is not affected. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 20.11.5-1~deb11u1. \n\nWe recommend that you upgrade your dpdk packages. \n\nFor the detailed security status of dpdk please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/dpdk\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJz7AsACgkQEMKTtsN8\nTjYeyw/9ECSTRzzVxG0vfic14yz4vbKTayFN7hGkMwIrtpAT+iNcwR/QVznY+sPB\nVZxnqNRprXz4cXkTHFrIdaur7QFtGE997Eim4gDt52dmtViaKYTqx/I18dGxLnUq\nVz+pck34hlAJjQA2qqF4OEaZi6p6u+RltwVN1A1GKQ/EBZ2F1xz1BCpBsXgEmB5J\n/GXpnBGMp7vlgveiMNDbkhPO0I4aGrmcMhPY5zIKv+ujjNZozxlqRIK83dkzdyoP\n0QWoRMI3e3ANNkxLuKOBUK5f3LQf/No0xivxufN36sIEUK0WjLvDFhmt3Bt4FI+P\n1j1YAvcc+LSXF7o+yNeD7tN1NguPX/kNiH1MjnimyOf803Fe4sdlwIGadHagf7P4\neEA9gGxCtM4NEydTLAGFw4dqJki9S3JJtA5m9Lw3/ZjhFg8stfM2iVDD45pmROZi\nLlxjjfmFH0vaQFG2nh/qXENwosk3D3Sl/o7Pinl6yWM/QstlyM6aXGYQLb9edyfS\nBRv2R/EsaqICA2rFN0W7dDI1eED6GVLJRGY2Hl+sV+n/ezerlIi87JTZ6c3625rv\n7izW/Gzns7Az5KmDIi8wjAD1bzYq0M6zRFp9kbZc1M1s5iEvXEIsQpwg9QENGcgS\nYv/7+a5NtWSih4e6enBQ0FqAHBUpNjz+q+qL8U5WovpuifsmrIM=\n=cq6B\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-5401-1\nMay 04, 2022\n\ndpdk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 21.10\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in DPDK. \n\nSoftware Description:\n- dpdk: set of libraries for fast packet processing\n\nDetails:\n\nWenxiang Qian discovered that DPDK incorrectly checked certain payloads. An\nattacker could use this issue to cause DPDK to crash, resulting in a denial\nof service, or possibly execute arbitrary code. (CVE-2021-3839)\n\nIt was discovered that DPDK incorrectly handled inflight type messages. An\nattacker could possibly use this issue to cause DPDK to consume resources,\nleading to a denial of service. (CVE-2022-0669)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n dpdk 21.11.1-0ubuntu0.3\n\nUbuntu 21.10:\n dpdk 20.11.5-0ubuntu1\n\nUbuntu 20.04 LTS:\n dpdk 19.11.12-0ubuntu0.20.04.1\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openvswitch2.15 security update\nAdvisory ID: RHSA-2022:4787-01\nProduct: Fast Datapath\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:4787\nIssue date: 2022-05-27\nCVE Names: CVE-2021-3839 CVE-2022-0669 \n=====================================================================\n\n1. Summary:\n\nAn update for openvswitch2.15 is now available in Fast Datapath for Red Hat\nEnterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nFast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpen vSwitch provides standard network bridging functions and support for\nthe OpenFlow protocol for remote per-flow control of traffic. \n\nSecurity Fix(es):\n\n* openvswitch2.15: DPDK: Out-of-bounds read/write in\nvhost_user_set_inflight_fd() may lead to crash (CVE-2021-3839)\n\n* openvswitch2.15: DPDK: Sending vhost-user-inflight type messages could\nlead to DoS (CVE-2022-0669)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nUsers of openvswitch2.15 are advised to upgrade to these updated packages,\nwhich fix these bugs. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2025882 - CVE-2021-3839 DPDK: out-of-bounds read/write in vhost_user_set_inflight_fd() may lead to crash\n2055793 - CVE-2022-0669 dpdk: sending vhost-user-inflight type messages could lead to DoS\n2070343 - Failed to read database with dns hostname address\n2080271 - [22.D RHEL-8] Fast Datapath Release\n\n6. Package List:\n\nFast Datapath for Red Hat Enterprise Linux 8:\n\nSource:\nopenvswitch2.15-2.15.0-99.el8fdp.src.rpm\n\naarch64:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.aarch64.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.aarch64.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.aarch64.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.aarch64.rpm\n\nnoarch:\nopenvswitch2.15-test-2.15.0-99.el8fdp.noarch.rpm\n\nppc64le:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.ppc64le.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.ppc64le.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.ppc64le.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.ppc64le.rpm\n\ns390x:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.s390x.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.s390x.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.s390x.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.s390x.rpm\n\nx86_64:\nnetwork-scripts-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-debugsource-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-devel-2.15.0-99.el8fdp.x86_64.rpm\nopenvswitch2.15-ipsec-2.15.0-99.el8fdp.x86_64.rpm\npython3-openvswitch2.15-2.15.0-99.el8fdp.x86_64.rpm\npython3-openvswitch2.15-debuginfo-2.15.0-99.el8fdp.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3839\nhttps://access.redhat.com/security/cve/CVE-2022-0669\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYpEx5NzjgjWX9erEAQilcQ/9E4LMCyo2/tSJR13aOP2BQO99IqKG770u\n9Rp9+aGCp1QyurzrYGjn7WXwe0DBHTRNQVaHdJLHzmZAeSNZilXoAg620VzoKSu/\nrhVtfy+EJU22H/OVkAUhExcEUIJRB0zQk6CadScdl25BUE/LNCPa2DJiTOMVi2yF\nG76OloY8FoI1nWVPKGetMMmI6LqOP3Bd+JwD2VG5t+krqmQSD4wKkVrcwS4TLjQm\nH9ZCRgg4D5G00CgYuEtetMf4A4C23n1Fd9oEdwEbPN2Q7ddSWJ1eNZ1q76p6oPtl\nsA7A6MXIdz3j05JjdnPRNKTJvXWnwtGYXx114UKWcSgJUYnsqCyd2auhPZSkP7iC\n34z2FLzDOV7VeF2gnQTJj0h9iwpJOtcnzwC0X8w94yES5rxXKp5UHB8CiFNkUu6g\nlqlQKiF1JPmisJBfdlAFC1+Hs/mgJwosNq3JD5nbIaM6410YQk+TEZ331ssjVjFy\nBs60J/v++KxAooPqnn0q3dbQsV1ne9pRdpiBWAzkX7mHp8ZRHscBi6zISv6CKDft\n2b1CHllt/m35nUF0f6dRlJdbu/mKFixcJWiO3nqrD4TmYprl016VJ73bN30CEJIS\nGOdd7+rl8it4cuWDAzG7H2aTGnGSSwUr5lOkR9+hKNrO7Fel6n3PrdHS/igJMw7L\n5WnVACaEc60=\n=WSAK\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "VULHUB",
"id": "VHN-415255"
},
{
"db": "VULMON",
"id": "CVE-2022-0669"
},
{
"db": "PACKETSTORM",
"id": "169321"
},
{
"db": "PACKETSTORM",
"id": "167299"
},
{
"db": "PACKETSTORM",
"id": "166960"
},
{
"db": "PACKETSTORM",
"id": "167294"
},
{
"db": "PACKETSTORM",
"id": "167298"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-0669",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "166960",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167299",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016014",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.3284",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2695",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052515",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022053026",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4638",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167294",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167298",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-415255",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-0669",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169321",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415255"
},
{
"db": "VULMON",
"id": "CVE-2022-0669"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "PACKETSTORM",
"id": "169321"
},
{
"db": "PACKETSTORM",
"id": "167299"
},
{
"db": "PACKETSTORM",
"id": "166960"
},
{
"db": "PACKETSTORM",
"id": "167294"
},
{
"db": "PACKETSTORM",
"id": "167298"
},
{
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"id": "VAR-202204-2114",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-415255"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:34:19.626000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DPDK Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=194046"
},
{
"title": "Debian CVElist Bug Report Logs: dpdk: CVE-2021-3839 and CVE-2022-0669",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b8bc18397e85f273082ea70c4090f82d"
},
{
"title": "Ubuntu Security Notice: USN-5401-1: DPDK vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5401-1"
},
{
"title": "Debian Security Advisories: DSA-5130-1 dpdk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c1652914039a5559306521c55fe28d7e"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "NVD",
"id": "CVE-2022-0669"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://access.redhat.com/security/cve/cve-2022-0669"
},
{
"trust": 2.5,
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"trust": 2.5,
"url": "https://github.com/dpdk/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"trust": 2.5,
"url": "https://security-tracker.debian.org/tracker/cve-2022-0669"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0669"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052515"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-0669/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167299/red-hat-security-advisory-2022-4786-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3284"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166960/ubuntu-security-notice-usn-5401-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dpdk-overload-via-inflight-type-messages-38252"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053026"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2695"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3839"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3839"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://ubuntu.com/security/notices/usn-5401-1"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010641"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/2022/dsa-5130"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/dpdk"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4786"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dpdk/21.11.1-0ubuntu0.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dpdk/20.11.5-0ubuntu1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dpdk/19.11.12-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4788"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-415255"
},
{
"db": "VULMON",
"id": "CVE-2022-0669"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "PACKETSTORM",
"id": "169321"
},
{
"db": "PACKETSTORM",
"id": "167299"
},
{
"db": "PACKETSTORM",
"id": "166960"
},
{
"db": "PACKETSTORM",
"id": "167294"
},
{
"db": "PACKETSTORM",
"id": "167298"
},
{
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-415255"
},
{
"db": "VULMON",
"id": "CVE-2022-0669"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"db": "PACKETSTORM",
"id": "169321"
},
{
"db": "PACKETSTORM",
"id": "167299"
},
{
"db": "PACKETSTORM",
"id": "166960"
},
{
"db": "PACKETSTORM",
"id": "167294"
},
{
"db": "PACKETSTORM",
"id": "167298"
},
{
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-415255"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169321"
},
{
"date": "2022-05-30T14:06:20",
"db": "PACKETSTORM",
"id": "167299"
},
{
"date": "2022-05-04T21:43:23",
"db": "PACKETSTORM",
"id": "166960"
},
{
"date": "2022-05-30T13:56:31",
"db": "PACKETSTORM",
"id": "167294"
},
{
"date": "2022-05-30T14:05:41",
"db": "PACKETSTORM",
"id": "167298"
},
{
"date": "2022-08-29T15:15:09.750000",
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"date": "2022-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-415255"
},
{
"date": "2023-09-29T08:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-016014"
},
{
"date": "2022-09-01T20:35:47.027000",
"db": "NVD",
"id": "CVE-2022-0669"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DPDK\u00a0 of \u00a0data\u00a0plane\u00a0development\u00a0kit\u00a0 Vulnerabilities in Products from Other Vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202204-4638"
}
],
"trust": 0.6
}
}
CVE-2022-2132 (GCVE-0-2022-2132)
Vulnerability from nvd – Published: 2022-08-31 15:32 – Updated: 2024-08-03 00:24- CWE-791 - >CWE-183->CWE-641->CWE-770
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2099475 | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=1031 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "CWE-791-\u003eCWE-183-\u003eCWE-641-\u003eCWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T06:06:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-791-\u003eCWE-183-\u003eCWE-641-\u003eCWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=1031",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2132",
"datePublished": "2022-08-31T15:32:58.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0669 (GCVE-0-2022-0669)
Vulnerability from nvd – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:32- CWE-400 - - Uncontrolled Resource Consumption.
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=922 | x_refsource_MISC |
| https://github.com/DPDK/dpdk/commit/af74f7db384ed… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-0669 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DPDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T14:03:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DPDK",
"version": {
"version_data": [
{
"version_value": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=922",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
"refsource": "MISC",
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2022-0669",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2022-0669",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0669",
"datePublished": "2022-08-29T14:03:04.000Z",
"dateReserved": "2022-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3839 (GCVE-0-2021-3839)
Vulnerability from nvd – Published: 2022-08-23 15:52 – Updated: 2024-08-03 17:09- CWE-125 - - Out-of-bounds Read | CWE-787 - Out-of-bounds Write
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2025882 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2021-3839 | x_refsource_MISC |
| https://github.com/DPDK/dpdk/commit/6442c329b9d2d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in dpdk v22.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:52:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "Fixed in dpdk v22.03"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3839",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"name": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5",
"refsource": "MISC",
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3839",
"datePublished": "2022-08-23T15:52:42.000Z",
"dateReserved": "2021-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14374 (GCVE-0-2020-14374)
Vulnerability from nvd – Published: 2020-09-30 19:10 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879466 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14374",
"datePublished": "2020-09-30T19:10:16.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14377 (GCVE-0-2020-14377)
Vulnerability from nvd – Published: 2020-09-30 18:53 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879472 | x_refsource_MISC |
| https://usn.ubuntu.com/4550-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
},
{
"name": "USN-4550-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14377",
"datePublished": "2020-09-30T18:53:44.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:33.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14376 (GCVE-0-2020-14376)
Vulnerability from nvd – Published: 2020-09-30 18:49 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879470 | x_refsource_MISC |
| https://usn.ubuntu.com/4550-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
},
{
"name": "USN-4550-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14376",
"datePublished": "2020-09-30T18:49:04.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14375 (GCVE-0-2020-14375)
Vulnerability from nvd – Published: 2020-09-30 18:42 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1879468 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://usn.ubuntu.com/4550-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "USN-4550-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14375",
"datePublished": "2020-09-30T18:42:58.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14378 (GCVE-0-2020-14378)
Vulnerability from nvd – Published: 2020-09-30 00:00 – Updated: 2024-08-04 12:46- CWE-191 - leads to CWE-400
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879473 | |
| https://usn.ubuntu.com/4550-1/ | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-list |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-list |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 leads to CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14378",
"datePublished": "2020-09-30T00:00:00.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:33.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10725 (GCVE-0-2020-10725)
Vulnerability from nvd – Published: 2020-05-20 13:16 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=270 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.7/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=270",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10725",
"datePublished": "2020-05-20T13:16:55.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10726 (GCVE-0-2020-10726)
Vulnerability from nvd – Published: 2020-05-20 13:04 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=271 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=271",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10726",
"datePublished": "2020-05-20T13:04:47.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10722 (GCVE-0-2020-10722)
Vulnerability from nvd – Published: 2020-05-19 18:04 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4362-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=267 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=267"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
},
{
"status": "affected",
"version": "18.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=267"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
},
{
"version_value": "18.11.8"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4362-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=267",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=267"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10722",
"datePublished": "2020-05-19T18:04:15.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10723 (GCVE-0-2020-10723)
Vulnerability from nvd – Published: 2020-05-19 18:02 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4362-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=268 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=268"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
},
{
"status": "affected",
"version": "18.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=268"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
},
{
"version_value": "18.11.8"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4362-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=268",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=268"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10723",
"datePublished": "2020-05-19T18:02:46.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10724 (GCVE-0-2020-10724)
Vulnerability from nvd – Published: 2020-05-19 17:59 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4362-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=269 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
},
{
"status": "affected",
"version": "18.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
},
{
"version_value": "18.11.8"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4362-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=269",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=269"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10724",
"datePublished": "2020-05-19T17:59:21.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14818 (GCVE-0-2019-14818)
Vulnerability from nvd – Published: 2019-11-14 00:00 – Updated: 2024-08-05 00:26| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0166 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0165 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0168 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0172 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0171 | vendor-advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | |
| https://bugs.dpdk.org/show_bug.cgi?id=363 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-019df9a459",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"name": "RHSA-2020:0166",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"name": "RHSA-2020:0165",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"name": "RHSA-2020:0168",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"name": "RHSA-2020:0172",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"name": "RHSA-2020:0171",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "DPDK",
"versions": [
{
"status": "affected",
"version": "all dpdk version 17.x.x before 17.11.8"
},
{
"status": "affected",
"version": "all dpdk version 16.x.x before 16.11.10"
},
{
"status": "affected",
"version": "all dpdk version 18.x.x before 18.11.4"
},
{
"status": "affected",
"version": "all dpdk version 19.x.x before 19.08.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2019-019df9a459",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"name": "RHSA-2020:0166",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"name": "RHSA-2020:0165",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"name": "RHSA-2020:0168",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"name": "RHSA-2020:0172",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"name": "RHSA-2020:0171",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14818",
"datePublished": "2019-11-14T00:00:00.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2132 (GCVE-0-2022-2132)
Vulnerability from cvelistv5 – Published: 2022-08-31 15:32 – Updated: 2024-08-03 00:24- CWE-791 - >CWE-183->CWE-641->CWE-770
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2099475 | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=1031 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-791",
"description": "CWE-791-\u003eCWE-183-\u003eCWE-641-\u003eCWE-770",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T06:06:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "dpdk 21.11, dpdk 20.11, dpdk 19.11"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-791-\u003eCWE-183-\u003eCWE-641-\u003eCWE-770"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099475"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=1031",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=1031"
},
{
"name": "[debian-lts-announce] 20220902 [SECURITY] [DLA 3092-1] dpdk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2132",
"datePublished": "2022-08-31T15:32:58.000Z",
"dateReserved": "2022-06-20T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0669 (GCVE-0-2022-0669)
Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2024-08-02 23:32- CWE-400 - - Uncontrolled Resource Consumption.
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2055793 | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=922 | x_refsource_MISC |
| https://github.com/DPDK/dpdk/commit/af74f7db384ed… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-0669 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DPDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T14:03:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DPDK",
"version": {
"version_data": [
{
"version_value": "Affects v19.11-rc1 and later, Fixed in v22.03-rc4."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 - Uncontrolled Resource Consumption."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055793"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=922",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=922"
},
{
"name": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227",
"refsource": "MISC",
"url": "https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2022-0669",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2022-0669"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2022-0669",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2022-0669"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0669",
"datePublished": "2022-08-29T14:03:04.000Z",
"dateReserved": "2022-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:32:46.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3839 (GCVE-0-2021-3839)
Vulnerability from cvelistv5 – Published: 2022-08-23 15:52 – Updated: 2024-08-03 17:09- CWE-125 - - Out-of-bounds Read | CWE-787 - Out-of-bounds Write
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2025882 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2021-3839 | x_refsource_MISC |
| https://github.com/DPDK/dpdk/commit/6442c329b9d2d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:09.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in dpdk v22.03"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T15:52:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "Fixed in dpdk v22.03"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg-\u003epayload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 - Out-of-bounds Read | CWE-787 - Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025882"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2021-3839",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2021-3839"
},
{
"name": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5",
"refsource": "MISC",
"url": "https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3839",
"datePublished": "2022-08-23T15:52:42.000Z",
"dateReserved": "2021-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:09:09.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14374 (GCVE-0-2020-14374)
Vulnerability from cvelistv5 – Published: 2020-09-30 19:10 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879466 | x_refsource_MISC |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14374",
"datePublished": "2020-09-30T19:10:16.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14377 (GCVE-0-2020-14377)
Vulnerability from cvelistv5 – Published: 2020-09-30 18:53 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879472 | x_refsource_MISC |
| https://usn.ubuntu.com/4550-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
},
{
"name": "USN-4550-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14377",
"datePublished": "2020-09-30T18:53:44.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:33.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14376 (GCVE-0-2020-14376)
Vulnerability from cvelistv5 – Published: 2020-09-30 18:49 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879470 | x_refsource_MISC |
| https://usn.ubuntu.com/4550-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
},
{
"name": "USN-4550-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14376",
"datePublished": "2020-09-30T18:49:04.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14375 (GCVE-0-2020-14375)
Vulnerability from cvelistv5 – Published: 2020-09-30 18:42 – Updated: 2024-08-04 12:46| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1879468 | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://usn.ubuntu.com/4550-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T15:06:21.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"name": "USN-4550-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14375",
"datePublished": "2020-09-30T18:42:58.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14378 (GCVE-0-2020-14378)
Vulnerability from cvelistv5 – Published: 2020-09-30 00:00 – Updated: 2024-08-04 12:46- CWE-191 - leads to CWE-400
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879473 | |
| https://usn.ubuntu.com/4550-1/ | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | mailing-list |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing-list |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:33.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All dpdk versions before 18.11.10 and before 19.11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191 leads to CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
},
{
"name": "USN-4550-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4550-1/"
},
{
"name": "openSUSE-SU-2020:1593",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
},
{
"name": "openSUSE-SU-2020:1599",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
},
{
"name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
},
{
"name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14378",
"datePublished": "2020-09-30T00:00:00.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:33.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10725 (GCVE-0-2020-10725)
Vulnerability from cvelistv5 – Published: 2020-05-20 13:16 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=270 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.7/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=270",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10725",
"datePublished": "2020-05-20T13:16:55.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10726 (GCVE-0-2020-10726)
Vulnerability from cvelistv5 – Published: 2020-05-20 13:04 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=271 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=271",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10726",
"datePublished": "2020-05-20T13:04:47.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10722 (GCVE-0-2020-10722)
Vulnerability from cvelistv5 – Published: 2020-05-19 18:04 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4362-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=267 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=267"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
},
{
"status": "affected",
"version": "18.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=267"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
},
{
"version_value": "18.11.8"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4362-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=267",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=267"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10722",
"datePublished": "2020-05-19T18:04:15.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10723 (GCVE-0-2020-10723)
Vulnerability from cvelistv5 – Published: 2020-05-19 18:02 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4362-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=268 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=268"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
},
{
"status": "affected",
"version": "18.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=268"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
},
{
"version_value": "18.11.8"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4362-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=268",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=268"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10723",
"datePublished": "2020-05-19T18:02:46.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10724 (GCVE-0-2020-10724)
Vulnerability from cvelistv5 – Published: 2020-05-19 17:59 – Updated: 2024-08-04 11:14| URL | Tags |
|---|---|
| https://usn.ubuntu.com/4362-1/ | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugs.dpdk.org/show_bug.cgi?id=269 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:15.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
},
{
"status": "affected",
"version": "18.11.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "USN-4362-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
},
{
"version_value": "18.11.8"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-4362-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4362-1/"
},
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=269",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=269"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10724",
"datePublished": "2020-05-19T17:59:21.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:15.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-14818 (GCVE-0-2019-14818)
Vulnerability from cvelistv5 – Published: 2019-11-14 00:00 – Updated: 2024-08-05 00:26| URL | Tags |
|---|---|
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0166 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0165 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0168 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0172 | vendor-advisory |
| https://access.redhat.com/errata/RHSA-2020:0171 | vendor-advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | |
| https://bugs.dpdk.org/show_bug.cgi?id=363 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.137Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2019-019df9a459",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"name": "RHSA-2020:0166",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"name": "RHSA-2020:0165",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"name": "RHSA-2020:0168",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"name": "RHSA-2020:0172",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"name": "RHSA-2020:0171",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "DPDK",
"versions": [
{
"status": "affected",
"version": "all dpdk version 17.x.x before 17.11.8"
},
{
"status": "affected",
"version": "all dpdk version 16.x.x before 16.11.10"
},
{
"status": "affected",
"version": "all dpdk version 18.x.x before 18.11.4"
},
{
"status": "affected",
"version": "all dpdk version 19.x.x before 19.08.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2019-019df9a459",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/"
},
{
"name": "RHSA-2020:0166",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0166"
},
{
"name": "RHSA-2020:0165",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0165"
},
{
"name": "RHSA-2020:0168",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0168"
},
{
"name": "RHSA-2020:0172",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0172"
},
{
"name": "RHSA-2020:0171",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0171"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818"
},
{
"url": "https://bugs.dpdk.org/show_bug.cgi?id=363"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14818",
"datePublished": "2019-11-14T00:00:00.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:26:39.137Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}