PT-2020-5466 · Intel+6 · Dpdk+6

Published 2020-05-18 · Updated 2022-09-02 · CVE-2020-10726

CVSS v3.1: 6.0 Medium

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

DPDK versions 19.11 and above

Description

A vulnerability was found that allows a malicious container with direct access to the vhost-user socket to cause a resource leak by sending VHOST_USER_GET_INFLIGHT_FD messages. This can result in a denial of service due to the depletion of file descriptors and virtual memory.

Recommendations

For DPDK versions 19.11 and above, consider restricting access to the vhost-user socket to prevent malicious containers from sending VHOST_USER_GET_INFLIGHT_FD messages. As a temporary workaround, monitor system resources closely to detect potential resource leaks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2878
ALT-PU-2021-1176
ALT-PU-2021-2053
BDU:2021-00722
CESA-2020_4806
CVE-2020-10726
OPENSUSE-SU-2020:0693-1
OPENSUSE-SU-2020_0693-1
RHSA-2020:2295
RHSA-2020:4806
RHSA-2020_4806
SUSE-SU-2020:1334-1
SUSE-SU-2020:1335-1
USN-4362-1

Affected Products

ALT Linux
CentOS
DPDK
Linux Mint
Red Hat
SUSE
Ubuntu