CVE-2020-10722

CWE-190 — Integer Overflow13 documents10 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 66.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT Oracle Communications Session Border Controller [unknown] Dpdk +4 more

Timeline

PublishedMay 19

Latest updateMay 24

Description

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 0.8 | Impact: 4.2

Affected Packages7 packages

▶Debiandpdk< 19.11.2-1+3

▶Ubuntudpdk< 17.11.9-0ubuntu18.04.2+1

▶NVDdpdk/data_plane_development_kit18.05

▶CVEListV5[unknown]/dpdk18.11.8, 19.11.2, 20.02.1+2

▶NVDoracle/communications_session_border_controller8.2 — 8.4

Also affects: Fedora 32, Ubuntu Linux 18.04, 19.10, 20.04

Patches

Patch: bugs.dpdk.org ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-63gx-gp99-wcgc: A vulnerability was found in DPDK versions 18↗2022-05-24

▶

OSV

CVE-2020-10722: A vulnerability was found in DPDK versions 18↗2020-05-19

▶

CVEList

CVE-2020-10722: A vulnerability was found in DPDK versions 18↗2020-05-19

▶

OSV

dpdk vulnerabilities↗2020-05-18

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Platform (DPDK) — CVE-2020-10722↗2020-10-15

▶

Ubuntu

DPDK vulnerabilities↗2020-05-18

▶

Red Hat

dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()↗2020-05-18

▶

Microsoft

▶

Debian

CVE-2020-10722: dpdk - A vulnerability was found in DPDK versions 18.05 and above. A missing check for ...↗2020

▶

💬Community

Bugzilla

Update to dpdk-19.11.3↗2020-09-01

▶

Bugzilla

CVE-2020-10722 dpdk: librte_vhost Interger overflow in vhost_user_set_log_base() [fedora-all]↗2020-05-18

▶

Bugzilla

CVE-2020-10722 dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()↗2020-04-28

▶