An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/01/04/1 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/01/04/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/01/04/5 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1879473 | Issue Tracking Third Party Advisory |
https://usn.ubuntu.com/4550-1/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/09/28/3 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
04 Nov 2021, 18:30
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 |
CWE-191 |
05 Jan 2021, 18:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 3.3 |
CPE | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* |
|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/04/1 - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/04/2 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/01/04/5 - Mailing List, Third Party Advisory |
04 Jan 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-400 | |
References |
|
Information
Published : 2020-09-30 19:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-14378
Mitre link : CVE-2020-14378
CVE.ORG link : CVE-2020-14378
JSON object : View
Products Affected
dpdk
- data_plane_development_kit
opensuse
- leap
canonical
- ubuntu_linux
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)