7.5

CVE-2019-14818

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DpdkData Plane Development Kit Version >= 16.04 < 16.11.10
DpdkData Plane Development Kit Version >= 17.02 < 17.11.8
DpdkData Plane Development Kit Version >= 18.02 < 18.11.4
DpdkData Plane Development Kit Version >= 19.02 < 19.08.1
RedhatOpenstack Version10
RedhatVirtualization Eus Version4.2
FedoraprojectFedora Version31
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.82% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
secalert@redhat.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://access.redhat.com/errata/RHSA-2020:0165
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0166
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0168
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0171
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0172
Third Party Advisory
https://bugs.dpdk.org/show_bug.cgi?id=363
Patch
Vendor Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818
Patch
Third Party Advisory
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/