CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
dpdkdata_plane_development_kit
18.02.1 ≤
𝑥
< 18.11.10
dpdkdata_plane_development_kit
19.02 ≤
𝑥
< 19.11.5
canonicalubuntu_linux
20.04
opensuseleap
15.1
opensuseleap
15.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dpdk
bullseye
20.11.10-1~deb11u1
fixed
stretch
not-affected
bullseye (security)
20.11.6-1~deb11u1
fixed
bookworm
22.11.5-1~deb12u1
fixed
sid
23.11.2-2
fixed
trixie
23.11.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dpdk
focal
Fixed 19.11.3-0ubuntu0.2
released
bionic
not-affected
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
http://www.openwall.com/lists/oss-security/2021/01/04/1
http://www.openwall.com/lists/oss-security/2021/01/04/2
http://www.openwall.com/lists/oss-security/2021/01/04/5
https://bugzilla.redhat.com/show_bug.cgi?id=1879470
https://usn.ubuntu.com/4550-1/
https://www.openwall.com/lists/oss-security/2020/09/28/3
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
http://www.openwall.com/lists/oss-security/2021/01/04/1
http://www.openwall.com/lists/oss-security/2021/01/04/2
http://www.openwall.com/lists/oss-security/2021/01/04/5
https://bugzilla.redhat.com/show_bug.cgi?id=1879470
https://usn.ubuntu.com/4550-1/
https://www.openwall.com/lists/oss-security/2020/09/28/3