CVE-2020-10725

CWE-66511 documents8 sources

Severity

7.7HIGH

EPSS

0.6%

top 30.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT [unknown] Dpdk Fedoraproject Fedora +2 more

Timeline

PublishedMay 20

Latest updateMay 24

Description

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages6 packages

▶Debiandpdk< 19.11.2-1+3

▶Ubuntudpdk< 17.11.9-0ubuntu18.04.2+1

▶NVDdpdk/data_plane_development_kit19.11

▶CVEListV5[unknown]/dpdk19.11.2, 20.02.1+1

▶NVDopensuse/leap15.1

Also affects: Fedora 32

Patches

Patch: bugs.dpdk.org ↗Patch: www.oracle.com ↗Patch: bugs.dpdk.org ↗

🔴Vulnerability Details

GHSA

GHSA-rccg-5mcc-m2cf: A flaw was found in DPDK version 19↗2022-05-24

▶

CVEList

CVE-2020-10725: A flaw was found in DPDK version 19↗2020-05-20

▶

OSV

CVE-2020-10725: A flaw was found in DPDK version 19↗2020-05-20

▶

OSV

dpdk vulnerabilities↗2020-05-18

▶

📋Vendor Advisories

Red Hat

dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor↗2020-05-18

▶

Ubuntu

DPDK vulnerabilities↗2020-05-18

▶

Debian

CVE-2020-10725: dpdk - A flaw was found in DPDK version 19.11 and above that allows a malicious guest t...↗2020

▶

💬Community

Bugzilla

Update to dpdk-19.11.3↗2020-09-01

▶

Bugzilla

CVE-2020-10725 dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor [fedora-all]↗2020-05-18

▶

Bugzilla

CVE-2020-10725 dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor↗2020-04-28

▶