Integer overflow in DPDK - CVE-2020-14378

 

Integer overflow in DPDK - CVE-2020-14378

Published: September 30, 2020 / Updated: October 5, 2020


Vulnerability identifier: #VU47312
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-14378
CWE-ID: CWE-190
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: DPDK Project
Affected software:
DPDK

Detailed vulnerability description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the move_desc() function. A remote user on the guest OS can consume large amounts of CPU cycles and prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.


How to mitigate CVE-2020-14378

Install updates from vendor's website.

Sources