3.3

CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DpdkData Plane Development Kit Version >= 18.02.1 < 18.11.10
DpdkData Plane Development Kit Version >= 19.02 < 19.11.5
CanonicalUbuntu Linux Version20.04 SwEditionlts
OpensuseLeap Version15.1
OpensuseLeap Version15.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.315
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2021/01/04/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2021/01/04/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2021/01/04/5
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4550-1/
Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/09/28/3
Patch
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1879473
Third Party Advisory
Issue Tracking