PT-2020-13989 · Intel+4 · Dpdk+4

Ryan Hall

Published

2020-09-28

Updated

2024-06-15

CVE-2020-14378

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions dpdk versions prior to 18.11.10 dpdk versions prior to 19.11.5

Description An integer underflow in the move desc function can cause large amounts of CPU cycles to be consumed in a long-running loop. An attacker could cause move desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost crypto is used, this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

Recommendations For dpdk versions prior to 18.11.10, update to version 18.11.10 or later to resolve the issue. For dpdk versions prior to 19.11.5, update to version 19.11.5 or later to resolve the issue. As a temporary workaround, consider disabling the move desc function until a patch is available. Restrict access to the vhost crypto module to minimize the risk of exploitation.

Fix

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

ALT-PU-2020-3518

ALT-PU-2021-1176

ALT-PU-2021-2053

AZL-38821

CVE-2020-14378

OPENSUSE-SU-2020:1593-1

OPENSUSE-SU-2020:1599-1

OPENSUSE-SU-2020_1593-1

OPENSUSE-SU-2020_1599-1

OPENSUSE-SU-2024:10727-1

SUSE-SU-2020:2767-1

SUSE-SU-2020:2768-1

SUSE-SU-2020:2769-1

SUSE-SU-2020:2770-1

USN-4550-1

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Dpdk

PT-2020-13989 · Intel+4 · Dpdk+4

CVE-2020-14378

Weakness Enumeration

Related Identifiers

Affected Products

References · 45