CVE-2020-14378

 

Published at: - 30-09-2020 09:15

Last modified: - 07-10-2022 04:15

Total changes: - 2

Description

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

 

Verification logic

 

Reference

• https://www.openwall.com/lists/oss-security/2020/09/28/3
• https://bugzilla.redhat.com/show_bug.cgi?id=1879473
• USN-4550-1-Third Party Advisory
• openSUSE-SU-2020:1593-Mailing List, Third Party Advisory
• openSUSE-SU-2020:1599-Mailing List, Third Party Advisory
• [oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues-Mailing List, Third Party Advisory
• [oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues-Mailing List, Third Party Advisory
• [oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2020-14378

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures