CVE-2020-14375
https://notcve.org/view.php?id=CVE-2020-14375
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
• http://www.openwall.com/lists/oss-security/2021/01/04/1
• http://www.openwall.com/lists/oss-security/2021/01/04/2
• http://www.openwall.com/lists/oss-security/2021/01/04/5
• https://bugzilla.redhat.com/show_bug.cgi?id=1879468
• https://usn.ubuntu.com/4550-1
• https://www.openwall.com/lists/oss-security/2020/09/28/3
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-14378
https://notcve.org/view.php?id=CVE-2020-14378
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being consumed in a long-running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used, this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
• http://www.openwall.com/lists/oss-security/2021/01/04/1
• http://www.openwall.com/lists/oss-security/2021/01/04/2
• http://www.openwall.com/lists/oss-security/2021/01/04/5
• https://bugzilla.redhat.com/show_bug.cgi?id=1879473
• https://usn.ubuntu.com/4550-1
• https://www.openwall.com/lists/oss-security/2020/09/28/3
• CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2020-14374
https://notcve.org/view.php?id=CVE-2020-14374
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Flawed bounds checking in the `copy_data` function leads to a buffer overflow, allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
• http://www.openwall.com/lists/oss-security/2021/01/04/1
• http://www.openwall.com/lists/oss-security/2021/01/04/2
• http://www.openwall.com/lists/oss-security/2021/01/04/5
• https://bugzilla.redhat.com/show_bug.cgi?id=1879466
• https://www.openwall.com/lists/oss-security/2020/09/28/3
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-10726 – dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS
https://notcve.org/view.php?id=CVE-2020-10726
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html
• https://bugs.dpdk.org/show_bug.cgi?id=271
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4
• https://www.openwall.com/lists/oss-security/2020/05/18/2
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://access.redhat.com/security/cve/CVE-2020-10726
• https://bugzilla.redhat.com
• CWE-190: Integer Overflow or Wraparound
• CWE-400: Uncontrolled Resource Consumption
CVE-2020-10725 – dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor
https://notcve.org/view.php?id=CVE-2020-10725
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
• http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html
• https://bugs.dpdk.org/show_bug.cgi?id=270
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4
• https://www.openwall.com/lists/oss-security/2020/05/18/2
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://access.redhat.com/security/cve/CVE-2020-10725
• https://bugzilla.redhat.com
• CWE-665: Improper Initialization