CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
dpdkdata_plane_development_kit
18.02.1 ≤
𝑥
< 18.11.10
dpdkdata_plane_development_kit
19.02 ≤
𝑥
< 19.11.5
canonicalubuntu_linux
20.04
opensuseleap
15.1
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dpdk
bookworm
22.11.5-1~deb12u1
fixed
bullseye
20.11.10-1~deb11u1
fixed
bullseye (security)
20.11.6-1~deb11u1
fixed
sid
23.11.2-2
fixed
stretch
not-affected
trixie
23.11.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dpdk
bionic
not-affected
focal
Fixed 19.11.3-0ubuntu0.2
released
trusty
dne
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dpdk
suse enterprise sap 12 SP5
18.11.9-3.15.1
fixed
suse enterprise sap 15 SP1
18.11.9-4.12.1
fixed
suse enterprise sap 15 SP2
19.11.4-3.9.1
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 12 SP5
18.11.9-3.15.1
fixed
suse enterprise server 15
18.11.9-3.25.1
fixed
suse enterprise server 15 SP1
18.11.9-4.12.1
fixed
suse enterprise server 15 SP2
19.11.4-3.9.1
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
dpdk-devel
suse enterprise sap 15 SP1
18.11.9-4.12.1
fixed
suse enterprise sap 15 SP2
19.11.4-3.9.1
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 15
18.11.9-3.25.1
fixed
suse enterprise server 15 SP1
18.11.9-4.12.1
fixed
suse enterprise server 15 SP2
19.11.4-3.9.1
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
dpdk-thunderx
suse enterprise sap 12 SP5
18.11.9-3.15.1
fixed
suse enterprise sap 15 SP2
19.11.4-3.9.1
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.15
fixed
suse enterprise server 12 SP5
18.11.9-3.15.1
fixed
suse enterprise server 15
18.11.9-3.25.1
fixed
suse enterprise server 15 SP2
19.11.4-3.9.1
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.15
fixed
dpdk-thunderx-devel
suse enterprise sap 15 SP2
19.11.4-3.9.1
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.15
fixed
suse enterprise server 15
18.11.9-3.25.1
fixed
suse enterprise server 15 SP2
19.11.4-3.9.1
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.15
fixed
dpdk-tools
suse enterprise sap 12 SP5
18.11.9-3.15.1
fixed
suse enterprise sap 15 SP1
18.11.9-4.12.1
fixed
suse enterprise sap 15 SP2
19.11.4-3.9.1
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 12 SP5
18.11.9-3.15.1
fixed
suse enterprise server 15
18.11.9-3.25.1
fixed
suse enterprise server 15 SP1
18.11.9-4.12.1
fixed
suse enterprise server 15 SP2
19.11.4-3.9.1
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
libdpdk-18_11
suse enterprise sap 12 SP5
18.11.9-3.15.1
fixed
suse enterprise sap 15 SP1
18.11.9-4.12.1
fixed
suse enterprise server 12 SP5
18.11.9-3.15.1
fixed
suse enterprise server 15
18.11.9-3.25.1
fixed
suse enterprise server 15 SP1
18.11.9-4.12.1
fixed
libdpdk-20_0
suse enterprise sap 15 SP2
19.11.4-3.9.1
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP2
19.11.4-3.9.1
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
libdpdk-25
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
http://www.openwall.com/lists/oss-security/2021/01/04/1
http://www.openwall.com/lists/oss-security/2021/01/04/2
http://www.openwall.com/lists/oss-security/2021/01/04/5
https://bugzilla.redhat.com/show_bug.cgi?id=1879466
https://www.openwall.com/lists/oss-security/2020/09/28/3
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
http://www.openwall.com/lists/oss-security/2021/01/04/1
http://www.openwall.com/lists/oss-security/2021/01/04/2
http://www.openwall.com/lists/oss-security/2021/01/04/5
https://bugzilla.redhat.com/show_bug.cgi?id=1879466
https://www.openwall.com/lists/oss-security/2020/09/28/3