CVE-2020-14374

EUVD-2020-6514
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
dpdkdata_plane_development_kit
18.02.1 ≤
𝑥
< 18.11.10
dpdkdata_plane_development_kit
19.02 ≤
𝑥
< 19.11.5
canonicalubuntu_linux
20.04
opensuseleap
15.1
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dpdk
bookworm
22.11.5-1~deb12u1
fixed
bullseye
20.11.10-1~deb11u1
fixed
bullseye (security)
20.11.6-1~deb11u1
fixed
sid
23.11.2-2
fixed
stretch
not-affected
trixie
23.11.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dpdk
bionic
not-affected
focal
Fixed 19.11.3-0ubuntu0.2
released
trusty
dne
xenial
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
http://www.openwall.com/lists/oss-security/2021/01/04/1
http://www.openwall.com/lists/oss-security/2021/01/04/2
http://www.openwall.com/lists/oss-security/2021/01/04/5
https://bugzilla.redhat.com/show_bug.cgi?id=1879466
https://www.openwall.com/lists/oss-security/2020/09/28/3
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
http://www.openwall.com/lists/oss-security/2021/01/04/1
http://www.openwall.com/lists/oss-security/2021/01/04/2
http://www.openwall.com/lists/oss-security/2021/01/04/5
https://bugzilla.redhat.com/show_bug.cgi?id=1879466
https://www.openwall.com/lists/oss-security/2020/09/28/3