CVE-2020-14376

CWE-120 — Classic Buffer Overflow10 documents9 sources

Severity

7.8HIGH

EPSS

0.1%

top 75.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedSep 30

Latest updateMay 24

Description

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages4 packages

▶NVDdpdk/data_plane_development_kit18.02.1 — 18.11.10+1

▶Debiandpdk< 19.11.5-1+3

▶CVEListV5dpdkAll dpdk versions before 18.11.10 and before 19.11.5

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 20.04

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-rmx4-hffj-96cf: A flaw was found in dpdk in versions before 18↗2022-05-24

▶

OSV

CVE-2020-14376: A flaw was found in dpdk in versions before 18↗2020-09-30

▶

CVEList

CVE-2020-14376: A flaw was found in dpdk in versions before 18↗2020-09-30

▶

📋Vendor Advisories

Ubuntu

DPDK vulnerabilities↗2020-09-28

▶

Red Hat

dpdk: buffer overflow copying iv_data from guest to host (prepare_sym_cipher_op & prepare_sym_chain_op)↗2020-09-28

▶

Microsoft

▶

Debian

CVE-2020-14376: dpdk - A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack ...↗2020

▶

💬Community

Bugzilla

CVE-2020-14376 dpdk: buffer overflow copying iv_data from guest to host (prepare_sym_cipher_op & prepare_sym_chain_op) [fedora-all]↗2020-09-28

▶

Bugzilla

CVE-2020-14376 dpdk: buffer overflow copying iv_data from guest to host (prepare_sym_cipher_op & prepare_sym_chain_op)↗2020-09-16

▶