#VU27997 Cryptographic issues in DPDK


Published: 2020-05-19 | Updated: 2020-05-26

Vulnerability identifier: #VU27997

Vulnerability risk: Medium

CVSSv3.1: 4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-10724

CWE-ID: CWE-310

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
DPDK
Server applications / Frameworks for developing and running applications

Vendor: DPDK Project

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect validation of keys lengths. A remote attacker can bypass certain security restrictions.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DPDK: 20.02, 19.02 - 19.11.1, 18.02 - 18.11.8, 17.02 - 17.11.10, 16.04 - 16.11.11

External links
http://doc.dpdk.org/guides-20.02/rel_notes/release_20_02.html
http://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Cryptographic issues in openvswitch (Alpine package)
Fast Datapath for Red Hat Enterprise Linux 8 update for openvswitch2.11
Fast Datapath for Red Hat Enterprise Linux 7 update for openvswitch2.11
Red Hat Enterprise Linux Fast Datapath update for openvswitch
OpenSUSE Linux update for dpdk
Ubuntu update for DPDK
Debian update for dpdk
Multiple vulnerabilities in DPDK