Home

CVE-2020-10725

Description

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function virtio_dev_rx_batch_packed().

Risk Information

Base Score
7.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.606

Associated Vulnerability

VulnerabilityOS Platform
set of libraries for fast packet processing (USN-4362-1) dpdk_19.11.1-0ubuntu1.1_amd64.debLinux
set of libraries for fast packet processing (USN-4362-1) dpdk_17.11.9-0ubuntu18.04.2_i386.debLinux
set of libraries for fast packet processing (USN-4362-1) dpdk_17.11.9-0ubuntu18.04.2_amd64.debLinux
set of libraries for fast packet processing (USN-4362-1) dpdk_18.11.5-0ubuntu0.19.10.2_i386.debLinux
set of libraries for fast packet processing (USN-4362-1) dpdk_18.11.5-0ubuntu0.19.10.2_amd64.debLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-19.11.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-debuginfo-19.11.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-debugsource-19.11.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-devel-19.11.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-devel-debuginfo-19.11.3-1.el8.x86_64.rpmLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-doc-19.11.3-1.el8.noarch.rpmLinux
(RHSA-2020:4806)Important: security, bug fix, and enhancement update dpdk-tools-19.11.3-1.el8.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234