CVE-2020-14374

CWE-120 — Classic Buffer Overflow9 documents8 sources

Severity

8.8HIGH

EPSS

0.2%

top 63.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedSep 30

Latest updateMay 24

Description

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

▶NVDdpdk/data_plane_development_kit18.02.1 — 18.11.10+1

▶Debiandpdk< 19.11.5-1+3

▶CVEListV5dpdkAll dpdk versions before 18.11.10 and before 19.11.5

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 20.04

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3m3-jrj3-pjqx: A flaw was found in dpdk in versions before 18↗2022-05-24

▶

CVEList

CVE-2020-14374: A flaw was found in dpdk in versions before 18↗2020-09-30

▶

OSV

CVE-2020-14374: A flaw was found in dpdk in versions before 18↗2020-09-30

▶

📋Vendor Advisories

Ubuntu

DPDK vulnerabilities↗2020-09-28

▶

Red Hat

dpdk: remote Code Execution in vhost_crypto (VM Escape)↗2020-09-28

▶

Debian

CVE-2020-14374: dpdk - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawe...↗2020

▶

💬Community

Bugzilla

CVE-2020-14374 dpdk: remote Code Execution in vhost_crypto (VM Escape) [fedora-all]↗2020-09-28

▶

Bugzilla

CVE-2020-14374 dpdk: remote Code Execution in vhost_crypto (VM Escape)↗2020-09-16

▶