Vulnerability Details CVE-2020-14376
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.9
References
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
- http://www.openwall.com/lists/oss-security/2021/01/04/1
- http://www.openwall.com/lists/oss-security/2021/01/04/2
- http://www.openwall.com/lists/oss-security/2021/01/04/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1879470
- https://usn.ubuntu.com/4550-1/
- https://www.openwall.com/lists/oss-security/2020/09/28/3
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
- http://www.openwall.com/lists/oss-security/2021/01/04/1
- http://www.openwall.com/lists/oss-security/2021/01/04/2
- http://www.openwall.com/lists/oss-security/2021/01/04/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1879470
- https://usn.ubuntu.com/4550-1/
- https://www.openwall.com/lists/oss-security/2020/09/28/3
Products affected by CVE-2020-14376
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.02.2
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.05
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.08
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.08.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.2
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.3
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.4
-
cpe:2.3:a:dpdk:data_plane_development_kit:18.11.5
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.02
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.05
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.08
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.1
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.08.2
-
cpe:2.3:a:dpdk:data_plane_development_kit:19.11
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2