CVE-2019-14818

CWE-401Memory LeakCWE-77210 documents8 sources
Severity
7.5HIGH
EPSS
1.1%
top 21.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Dpdk Data Plane Development KITDpdk DpdkFedoraproject Fedora+3 more
Timeline
PublishedNov 14
Latest updateMay 24

Description

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDdpdk/data_plane_development_kit16.0416.11.10+3
Debiandpdk< 18.11.4-1+3
CVEListV5dpdk/dpdk4 versions+3

Also affects: Fedora 31

Patches

Patch: bugs.dpdk.orgPatch: bugzilla.redhat.comPatch: bugs.dpdk.org

🔴Vulnerability Details

3
GHSA
GHSA-c968-9rc6-v8jv: A flaw was found in all dpdk version 172022-05-24
OSV
CVE-2019-14818: A flaw was found in all dpdk version 172019-11-14
CVEList
CVE-2019-14818: A flaw was found in all dpdk version 172019-11-14

📋Vendor Advisories

3
Ubuntu
DPDK vulnerability2019-11-13
Red Hat
dpdk: possible memory leak leads to denial of service2019-11-12
Debian
CVE-2019-14818: dpdk - A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11....2019

💬Community

3
Bugzilla
CVE-2019-14818 openvswitch: dpdk: possible memory leak leads to denial of service [openstack-rdo]2019-11-13
Bugzilla
CVE-2019-14818 dpdk: possible memory leak leads to denial of service [fedora-all]2019-11-13
Bugzilla
CVE-2019-14818 dpdk: possible memory leak leads to denial of service2019-08-05