CVE-2020-14375
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Se encontró un fallo en dpdk en versiones anteriores a 18.11.10 y anteriores a 19.11.5. Los descriptores de anillo de Virtio y los datos que describen se encuentran en una región de memoria accesible tanto desde la máquina virtual como desde el host. Un atacante en una máquina virtual puede cambiar el contenido de la memoria después de que vhost_crypto lo haya validado. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, así como la disponibilidad del sistema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-17 CVE Reserved
- 2020-09-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/01/04/1 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/01/04/2 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/01/04/5 | Mailing List | |
https://bugzilla.redhat.com/show_bug.cgi?id=1879468 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.openwall.com/lists/oss-security/2020/09/28/3 | 2021-05-05 |
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html | 2021-05-05 | |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html | 2021-05-05 | |
https://usn.ubuntu.com/4550-1 | 2021-05-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dpdk Search vendor "Dpdk" | Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit" | >= 18.02.1 < 18.11.10 Search vendor "Dpdk" for product "Data Plane Development Kit" and version " >= 18.02.1 < 18.11.10" | - |
Affected
| ||||||
Dpdk Search vendor "Dpdk" | Data Plane Development Kit Search vendor "Dpdk" for product "Data Plane Development Kit" | >= 19.02 < 19.11.5 Search vendor "Dpdk" for product "Data Plane Development Kit" and version " >= 19.02 < 19.11.5" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
|