CVE-2019-14818

Published: Nov 14, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Affected (9)

Products: Dpdk: Data Plane Development Kit · Redhat: Enterprise Linux Fast Datapath, Openstack, Virtualization Eus · Fedoraproject: Fedora

1 product

Data Plane Development Kit

3 products

Enterprise Linux Fast Datapath

Virtualization Eus

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dpdk Data Plane Development Kit	From 16.04 to 16.11.10
Dpdk Data Plane Development Kit	From 17.02 to 17.11.8
Dpdk Data Plane Development Kit	From 18.02 to 18.11.4
Dpdk Data Plane Development Kit	From 19.02 to 19.08.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Fast Datapath	Version 7.0
Redhat Enterprise Linux Fast Datapath	Version 8.0
Redhat Openstack	Version 10
Redhat Virtualization Eus	Version 4.2

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (16)

https://access.redhat.com/errata/RHSA-2020:0165

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0166

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0168

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0171

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0172

Source: secalert@redhat.com

Third Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=363

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2020:0165

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0166

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0168

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0171

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0172

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=363

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.