PT-2020-3609 · Intel+6 · Dpdk+6

Published

2018-11-02

Updated

2024-06-15

CVE-2020-10722

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions DPDK versions 18.05 and above

Description A vulnerability was found in the vhost user set log base() function, related to an integer overflow. This could result in a smaller memory map than requested, possibly allowing memory corruption. The exploitation of this vulnerability may allow an attacker to access confidential data, compromise their integrity, and cause a denial of service.

Recommendations For DPDK versions 18.05 and above, consider disabling the vhost user set log base() function until a patch is available to prevent potential memory corruption. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2018-2587

ALT-PU-2020-2208

ALT-PU-2020-2214

ALT-PU-2020-2878

ALT-PU-2021-1176

ALT-PU-2021-2053

AZL-38845

BDU:2020-03944

CESA-2020_4806

CVE-2020-10722

DSA-4688-1

OPENSUSE-SU-2020:0693-1

OPENSUSE-SU-2020_0693-1

OPENSUSE-SU-2024:10727-1

RHSA-2020:2295

RHSA-2020:2296

RHSA-2020:2297

RHSA-2020:2298

RHSA-2020:2683

RHSA-2020:4114

RHSA-2020:4806

RHSA-2020_4806

RHSA-2021:0931

SUSE-SU-2020:1334-1

SUSE-SU-2020:1335-1

SUSE-SU-2020:1430-1

SUSE-SU-2020:1552-1

SUSE-SU-2020:2194-1

SUSE-SU-2020_1334-1

SUSE-SU-2020_1335-1

SUSE-SU-2020_1552-1

USN-4362-1

Affected Products

Alt Linux

Centos

Dpdk

Linuxmint

Red Hat

Suse

Ubuntu

PT-2020-3609 · Intel+6 · Dpdk+6

CVE-2020-10722

Weakness Enumeration

Related Identifiers

Affected Products

References · 58