CVE-2020-14378

Published: Sep 30, 2020Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

Affected (5)

Products: Dpdk: Data Plane Development Kit · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

Data Plane Development Kit

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dpdk Data Plane Development Kit	From 18.02.1 to 18.11.10
Dpdk Data Plane Development Kit	From 19.02 to 19.11.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 20.04
Opensuse Leap	Version 15.1
Opensuse Leap	Version 15.2

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/5

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1879473

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/4550-1/

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/09/28/3

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/01/04/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1879473

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://usn.ubuntu.com/4550-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.openwall.com/lists/oss-security/2020/09/28/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

Timeline

No history available yet.