Vulnerability identifier: #VU27997
Vulnerability risk: Medium
CVSSv3.1: 4 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-310
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
DPDK
Server applications /
Frameworks for developing and running applications
Vendor: DPDK Project
Description
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect validation of keys lengths. A remote attacker can bypass certain security restrictions.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
DPDK: 20.02, 19.02 - 19.11.1, 18.02 - 18.11.8, 17.02 - 17.11.10, 16.04 - 16.11.11
External links
http://doc.dpdk.org/guides-20.02/rel_notes/release_20_02.html
http://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.