7.1

CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

Data is provided by the National Vulnerability Database (NVD)
DpdkData Plane Development Kit Version >= 18.02.1 < 18.11.10
DpdkData Plane Development Kit Version >= 19.02 < 19.11.5
CanonicalUbuntu Linux Version20.04 SwEditionlts
OpensuseLeap Version15.1
OpensuseLeap Version15.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.203
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:N/A:P
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://usn.ubuntu.com/4550-1/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/09/28/3
Patch
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1879472
Third Party Advisory
Issue Tracking