CVE-2020-10726

Published: May 20, 2020Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

Affected (5)

Products: Dpdk: Data Plane Development Kit · Fedoraproject: Fedora · Opensuse: Leap · +1 more

Show all products

Dpdk: Data Plane Development Kit · Fedoraproject: Fedora · Opensuse: Leap · Oracle: Enterprise Communications Broker

1 product

Data Plane Development Kit

1 product

1 product

1 product

Enterprise Communications Broker

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dpdk Data Plane Development Kit	Up to 19.11

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 32

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Communications Broker	Version 3.1.0
Oracle Enterprise Communications Broker	Version 3.2.0

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=271

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/

Source: secalert@redhat.com

https://www.openwall.com/lists/oss-security/2020/05/18/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugs.dpdk.org/show_bug.cgi?id=271

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.openwall.com/lists/oss-security/2020/05/18/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.