CVE-2020-10724

CWE-190 — Integer Overflow CWE-125 — Out-of-bounds Read12 documents9 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 76.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT [unknown] Dpdk Canonical Ubuntu Linux +1 more

Timeline

PublishedMay 19

Latest updateMay 24

Description

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:HExploitability: 0.8 | Impact: 4.2

Affected Packages4 packages

▶Debiandpdk< 19.11.2-1+3

▶Ubuntudpdk< 17.11.9-0ubuntu18.04.2+1

▶NVDdpdk/data_plane_development_kit18.11

▶CVEListV5[unknown]/dpdk18.11.8, 19.11.2, 20.02.1+2

Also affects: Fedora 32, Ubuntu Linux 18.04, 19.10, 20.04

Patches

Patch: bugs.dpdk.org ↗Patch: bugs.dpdk.org ↗

🔴Vulnerability Details

GHSA

GHSA-ffrh-qjc2-38wm: A vulnerability was found in DPDK versions 18↗2022-05-24

▶

OSV

CVE-2020-10724: A vulnerability was found in DPDK versions 18↗2020-05-19

▶

CVEList

CVE-2020-10724: A vulnerability was found in DPDK versions 18↗2020-05-19

▶

OSV

dpdk vulnerabilities↗2020-05-18

▶

📋Vendor Advisories

Ubuntu

DPDK vulnerabilities↗2020-05-18

▶

Red Hat

dpdk: librte_vhost Missing inputs validation in Vhost-crypto↗2020-05-18

▶

Microsoft

A vulnerability was found in DPDK versions 18.11 and above↗2020-05-12

▶

Debian

CVE-2020-10724: dpdk - A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto lib...↗2020

▶

💬Community

Bugzilla

Update to dpdk-19.11.3↗2020-09-01

▶

Bugzilla

CVE-2020-10724 dpdk: librte_vhost Missing inputs validation in Vhost-crypto [fedora-all]↗2020-05-18

▶

Bugzilla

CVE-2020-10724 dpdk: librte_vhost Missing inputs validation in Vhost-crypto↗2020-04-28

▶