Main Vulnerability Database Vulnerabilities #VU47312

Integer overflow in DPDK - CVE-2020-14378

Published: September 30, 2020 / Updated: October 5, 2020

Vulnerability identifier: #VU47312

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-14378

CWE-ID: CWE-190

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
DPDK

Software vendor:
DPDK Project

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the move_desc() function. A remote user on the guest OS can consume large amounts of CPU cycles and prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

Remediation

Install updates from vendor's website.

External links

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
https://bugzilla.redhat.com/show_bug.cgi?id=1879473
https://usn.ubuntu.com/4550-1/
https://www.openwall.com/lists/oss-security/2020/09/28/3

Integer overflow in DPDK - CVE-2020-14378

Description

Remediation

External links

Please verify you're human