CVE-2020-10725
published 2020-05-20CVE-2020-10725: A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on…
high7.7CVSS 3.1
AVNACLPRLUINSCCNINAH
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dpdk | < dpdk 19.11.2-1 (bookworm) | dpdk 19.11.2-1 (bookworm) |
| dpdk | data_plane_development_kit | <= 19.11 | — |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 17.11.9-0ubuntu18.04.2 | 17.11.9-0ubuntu18.04.2 |
| dpdk | dpdk | >= 0 < 19.11.1-0ubuntu1.1 | 19.11.1-0ubuntu1.1 |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_communications_broker | — | — |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
osv7.7HIGH