Data Plane Development Kit
CVE-2020-10726
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
AnalysisAI
A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. Affected products include: Dpdk Data Plane Development Kit, Fedoraproject Fedora, Opensuse Leap, Oracle Enterprise Communications Broker.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
More in Data Plane Development Kit
View allA permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerabil
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Cop
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhos
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x bef
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerabil
A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerabili
A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low
NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where
A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontroll
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contigu
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today