CVE-2020-14378
Ubuntu Security Notice USN-4550-1
Descriptions
An integer underflow in the `move_desc` function in DPDK versions before 18.11.10 and before 19.11.5 can cause large amounts of CPU cycles to be consumed in a long-running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used, this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host.
Timeline
- 2020-06-17 CVE Reserved
- 2020-09-28 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-191: Integer Underflow (Wrap or Wraparound)
References (8)
URL | Tag | Date |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/01/04/1 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/01/04/2 | Mailing List | |
http://www.openwall.com/lists/oss-security/2021/01/04/5 | Mailing List | |
https://bugzilla.redhat.com/show_bug.cgi?id=1879473 | Issue Tracking | |
https://www.openwall.com/lists/oss-security/2020/09/28/3 | | 2023-11-07 |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html | | 2023-11-07 |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html | | 2023-11-07 |
https://usn.ubuntu.com/4550-1 | | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dpdk | Data Plane Development Kit | >= 18.02.1 < 18.11.10 | - | Affected |
Dpdk | Data Plane Development Kit | >= 19.02 < 19.11.5 | - | Affected |
Canonical | Ubuntu Linux | 20.04 | lts | Affected |
Opensuse | Leap | 15.1 | - | Affected |
Opensuse | Leap | 15.2 | - | Affected |