CVE-2020-10725
dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
Se detectó un fallo en DPDK versión 19.11 y superior, que permite a un invitado malicioso causar un fallo de segmentación de la aplicación backend vhost-user que se ejecuta en el host, lo que podría resultar en una pérdida de conectividad para los otros invitados ejecutados en ese host. Esto es causado por una falta de comprobación de la validez de la dirección del descriptor en la función "virtio_dev_rx_batch_packed()".
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-20 CVE Reserved
- 2020-05-18 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-665: Improper Initialization
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725 | Issue Tracking | |
| https://www.openwall.com/lists/oss-security/2020/05/18/2 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.dpdk.org/show_bug.cgi?id=270 | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpujan2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dpdk Search vendor "Dpdk" | Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit" | <= 19.11 Search vendor "Dpdk" for product "Data Plane Development Kit" and version " <= 19.11" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.1.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Communications Broker Search vendor "Oracle" for product "Enterprise Communications Broker" | 3.2.0 Search vendor "Oracle" for product "Enterprise Communications Broker" and version "3.2.0" | - |
Affected
| ||||||