CVE-2020-10724
dpdk: librte_vhost Missing inputs validation in Vhost-crypto
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
Se encontró una vulnerabilidad en DPDK versiones 18.11 y superiores. Al código de la biblioteca vhost-crypto le falta comprobaciones para los valores suministrados por el usuario, permitiendo potencialmente un filtrado de información mediante una lectura de memoria fuera de límites.
An update that fixes 5 vulnerabilities is now available. This update for dpdk fixes the following issues. Fixed an integer overflow in vhost_user_set_log_base. Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair. Fixed a missing inputs validation in Vhost-crypto. Fixed a segfault caused by invalid virtio descriptors sent from a malicious guest. Fixed a denial-of-service caused by VHOST_USER_GET_INFLIGHT_FD message flooding. This update was imported from the SUSE:SLE-15-SP1:Update update project.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-20 CVE Reserved
- 2020-05-18 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724 | Issue Tracking | |
| https://www.openwall.com/lists/oss-security/2020/05/18/2 | Mailing List |
|
| https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpuoct2020.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.dpdk.org/show_bug.cgi?id=269 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dpdk Search vendor "Dpdk" | Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit" | <= 18.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version " <= 18.11" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||