CVE-2020-10726

CWE-190 — Integer Overflow CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

4.4MEDIUM

EPSS

0.1%

top 70.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT [unknown] Dpdk Fedoraproject Fedora +2 more

Timeline

PublishedMay 20

Latest updateMay 24

Description

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages6 packages

▶Debiandpdk< 19.11.2-1+3

▶Ubuntudpdk< 17.11.9-0ubuntu18.04.2+1

▶NVDdpdk/data_plane_development_kit19.11

▶CVEListV5[unknown]/dpdk19.11.2, 20.02.1+1

▶NVDopensuse/leap15.1

Also affects: Fedora 32

Patches

Patch: bugs.dpdk.org ↗Patch: www.oracle.com ↗Patch: bugs.dpdk.org ↗

🔴Vulnerability Details

GHSA

GHSA-whmr-hj5c-pm9g: A vulnerability was found in DPDK versions 19↗2022-05-24

▶

OSV

CVE-2020-10726: A vulnerability was found in DPDK versions 19↗2020-05-20

▶

CVEList

CVE-2020-10726: A vulnerability was found in DPDK versions 19↗2020-05-20

▶

OSV

dpdk vulnerabilities↗2020-05-18

▶

📋Vendor Advisories

Ubuntu

DPDK vulnerabilities↗2020-05-18

▶

Red Hat

dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS↗2020-05-18

▶

Debian

CVE-2020-10726: dpdk - A vulnerability was found in DPDK versions 19.11 and above. A malicious containe...↗2020

▶

💬Community

Bugzilla

Update to dpdk-19.11.3↗2020-09-01

▶

Bugzilla

CVE-2020-10726 dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS [fedora-all]↗2020-05-18

▶

Bugzilla

CVE-2020-10726 dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS↗2020-04-28

▶