Published: 30/09/2020 Updated: 05/01/2021

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

A flaw was found in dpdk in versions prior to 18.11.10 and prior to 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dpdk data plane development kit
canonical ubuntu linux 20.04
opensuse leap 15.1
opensuse leap 15.2

Debian Bug report logs - #971269 dpdk: CVEs for multiple vhost crypto issues Package: src:dpdk; Maintainer for src:dpdk is Debian DPDK Maintainers <pkg-dpdk-devel@listsaliothdebianorg>; Reported by: Luca Boccassi <bluca@debianorg> Date: Mon, 28 Sep 2020 15:45:02 UTC Severity: important Tags: security Found in ve ...

oss-sec mailing list archives   By Date By Thread </form>    Re: DPDK security advisory for multiple vhost crypto issues   From: Mauro ...

oss-sec mailing list archives   By Date By Thread </form>    Re: [dpdk-dev] [oss-security] DPDK security advisory for multiple vhost crypto issues  <!--X-Head-o ...

CWE-120 https://bugzilla.redhat.com/show_bug.cgi?id=1879470 https://www.openwall.com/lists/oss-security/2020/09/28/3 https://usn.ubuntu.com/4550-1/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html http://www.openwall.com/lists/oss-security/2021/01/04/5 http://www.openwall.com/lists/oss-security/2021/01/04/2 http://www.openwall.com/lists/oss-security/2021/01/04/1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971269 https://nvd.nist.gov

CVE-2020-14376

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect