CVE-2020-14375

CWE-367 | 9 documents | 8 sources
Severity
7.8 HIGH
EPSS
0.0%
top 85.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 30
Latest update May 24

Description

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.1 | Impact: 6.0

Affected Packages (4 packages)

NVD | dpdk/data_plane_development_kit | 18.02.1 | 18.11.10 | +1
Debian | dpdk | < 19.11.5-1 | +3
CVEListV5 | dpdk | All dpdk versions before 18.11.10 and before 19.11.5
NVD | opensuse/leap | 15.1, 15.2 | +1

Also affects: Ubuntu Linux 20.04

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-m65p-x8wx-282m: A flaw was found in dpdk in versions before 18 | 2022-05-24
CVEList
CVE-2020-14375: A flaw was found in dpdk in versions before 18 | 2020-09-30
OSV
CVE-2020-14375: A flaw was found in dpdk in versions before 18 | 2020-09-30

📋 Vendor Advisories (3)

Red Hat
dpdk: time-of-check time-of-use vulnerabilities throughout vhost_crypto.c | 2020-09-28
Ubuntu
DPDK vulnerabilities | 2020-09-28
Debian
CVE-2020-14375: dpdk - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ... | 2020

💬 Community (2)

Bugzilla
CVE-2020-14375 dpdk: time-of-check time-of-use vulnerabilities throughout vhost_crypto.c [fedora-all] | 2020-09-28
Bugzilla
CVE-2020-14375 dpdk: time-of-check time-of-use vulnerabilities throughout vhost_crypto.c | 2020-09-16