CVE-2019-14818
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 14/11/2019
Last modified: 07/11/2023
Description
A flaw was found in all DPDK versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1, where a malicious master, or a container with access to the vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak, including file descriptors. This flaw could lead to a denial of service condition.
Impact
Base Score 3.x: 7.50
Severity 3.x: HIGH
Base Score 2.0: 5.00
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 16.04 (including) | 16.11.10 (excluding) |
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 17.02 (including) | 17.11.8 (excluding) |
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 18.02 (including) | 18.11.4 (excluding) |
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 19.02 (including) | 19.08.1 (excluding) |
| cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:virtualization_eus:4.2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://access.redhat.com/errata/RHSA-2020:0165
- https://access.redhat.com/errata/RHSA-2020:0166
- https://access.redhat.com/errata/RHSA-2020:0168
- https://access.redhat.com/errata/RHSA-2020:0171
- https://access.redhat.com/errata/RHSA-2020:0172
- https://bugs.dpdk.org/show_bug.cgi?id=363
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/



