CVE-2020-10726
published 2020-05-20CVE-2020-10726: A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending…
medium4.4CVSS 3.1
AVLACLPRHUINSUCNINAH
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dpdk | < dpdk 19.11.2-1 (bookworm) | dpdk 19.11.2-1 (bookworm) |
| dpdk | data_plane_development_kit | <= 19.11 | — |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 19.11.2-1 | 19.11.2-1 |
| dpdk | dpdk | >= 0 < 17.11.9-0ubuntu18.04.2 | 17.11.9-0ubuntu18.04.2 |
| dpdk | dpdk | >= 0 < 19.11.1-0ubuntu1.1 | 19.11.1-0ubuntu1.1 |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| oracle | enterprise_communications_broker | — | — |
| oracle | enterprise_communications_broker | — | — |
CVSS provenance
nvdv3.14.4MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
osv6.7MEDIUM