CVE-2020-14378

CWE-191 CWE-190 — Integer Overflow11 documents10 sources

Severity

3.3LOW

EPSS

0.1%

top 77.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dpdk Data Plane Development KIT Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedSep 30

Latest updateMay 24

Description

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDdpdk/data_plane_development_kit18.02.1 — 18.11.10+1

▶Debiandpdk< 19.11.5-1+3

▶CVEListV5dpdkAll dpdk versions before 18.11.10 and before 19.11.5

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 20.04

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-prw9-fq4w-jfrf: An integer underflow in dpdk versions before 18↗2022-05-24

▶

OSV

CVE-2020-14378: An integer underflow in dpdk versions before 18↗2020-09-30

▶

CVEList

CVE-2020-14378: An integer underflow in dpdk versions before 18↗2020-09-30

▶

💥Exploits & PoCs

Exploit-DB

Tailor Management System - 'id' SQL Injection↗2020-09-09

▶

📋Vendor Advisories

Red Hat

dpdk: partial Denial of Service due to Integer Underflow↗2020-09-28

▶

Ubuntu

DPDK vulnerabilities↗2020-09-28

▶

Microsoft

▶

Debian

CVE-2020-14378: dpdk - An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the ...↗2020

▶

💬Community

Bugzilla

CVE-2020-14378 dpdk: partial Denial of Service due to Integer Underflow [fedora-all]↗2020-09-28

▶

Bugzilla

CVE-2020-14378 dpdk: partial Denial of Service due to Integer Underflow↗2020-09-16

▶