Vulnerability Details CVE-2020-14375
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.4
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
- http://www.openwall.com/lists/oss-security/2021/01/04/1
- http://www.openwall.com/lists/oss-security/2021/01/04/2
- http://www.openwall.com/lists/oss-security/2021/01/04/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1879468
- https://usn.ubuntu.com/4550-1/
- https://www.openwall.com/lists/oss-security/2020/09/28/3
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
- http://www.openwall.com/lists/oss-security/2021/01/04/1
- http://www.openwall.com/lists/oss-security/2021/01/04/2
- http://www.openwall.com/lists/oss-security/2021/01/04/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1879468
- https://usn.ubuntu.com/4550-1/
- https://www.openwall.com/lists/oss-security/2020/09/28/3
Products affected by CVE-2020-14375
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.2
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.05
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.08
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.08.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.2
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.3
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.4
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.5
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.02
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.05
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.08
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.2
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.11
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2