PT-2020-13986 · Linux Foundation+4 · Dpdk+4

Ryan Hall

Published

2020-09-28

Updated

2024-06-15

CVE-2020-14375

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions dpdk versions prior to 18.11.10 dpdk versions prior to 19.11.5

Description A flaw was found in dpdk where virtio ring descriptors and the data they describe are in a region of memory accessible by both the virtual machine and the host. An attacker in a VM can change the contents of the memory after validation. The highest threat from this issue is to data confidentiality and integrity as well as system availability.

Recommendations For versions prior to 18.11.10, update to version 18.11.10 or later. For versions prior to 19.11.5, update to version 19.11.5 or later.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

ALT-PU-2020-3518

ALT-PU-2021-1176

ALT-PU-2021-2053

CVE-2020-14375

OPENSUSE-SU-2020:1593-1

OPENSUSE-SU-2020:1599-1

OPENSUSE-SU-2020_1593-1

OPENSUSE-SU-2020_1599-1

OPENSUSE-SU-2024:10727-1

SUSE-SU-2020:2767-1

SUSE-SU-2020:2768-1

SUSE-SU-2020:2769-1

SUSE-SU-2020:2770-1

USN-4550-1

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Dpdk

PT-2020-13986 · Linux Foundation+4 · Dpdk+4

CVE-2020-14375

Weakness Enumeration

Related Identifiers

Affected Products

References · 45