Skip to main content

Data Plane Development Kit CVE-2020-14378

LOW
Integer Underflow (CWE-191)
2020-09-30 secalert@redhat.com
3.3
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.3 LOW
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Sep 30, 2020 - 19:15 nvd
LOW 3.3

DescriptionNVD

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

AnalysisAI

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-191. An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. Affected products include: Dpdk Data Plane Development Kit, Canonical Ubuntu Linux, Opensuse Leap. Version information: before 18.11.10.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-2132 HIGH POC
8.6 Aug 31

A permissive list of allowed inputs flaw was found in DPDK. Rated high severity (CVSS 8.6), this vulnerability is remote

CVE-2020-14374 HIGH
8.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2020-14376 HIGH
7.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8). This Buffer Cop

CVE-2020-14375 HIGH
7.8 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.8).

CVE-2020-10725 HIGH
7.7 May 20

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhos

CVE-2019-14818 HIGH
7.5 Nov 14

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x bef

CVE-2020-14377 HIGH
7.1 Sep 30

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Rated high severity (CVSS 7.1), this vulnerabil

CVE-2020-10723 MEDIUM
6.7 May 19

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerabili

CVE-2020-10722 MEDIUM
6.7 May 19

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low

CVE-2022-28199 MEDIUM
6.5 Sep 01

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where

CVE-2022-0669 MEDIUM
6.5 Aug 29

A flaw was found in dpdk. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontroll

CVE-2018-1059 MEDIUM
6.1 Apr 24

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contigu

Share

CVE-2020-14378 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy