CVE-2020-14378
Severity CVSS v4.0:
Pending analysis
Type:
CWE-191
Integer Underflow (Wrap or Wraparound)
Publication date:
30/09/2020
Last modified:
07/11/2023
Description
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
Impact
Base Score 3.x
3.30
Severity 3.x
LOW
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 18.02.1 (including) | 18.11.10 (excluding) |
| cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* | 19.02 (including) | 19.11.5 (excluding) |
| cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* | ||
| cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
- http://www.openwall.com/lists/oss-security/2021/01/04/1
- http://www.openwall.com/lists/oss-security/2021/01/04/2
- http://www.openwall.com/lists/oss-security/2021/01/04/5
- https://bugzilla.redhat.com/show_bug.cgi?id=1879473
- https://usn.ubuntu.com/4550-1/
- https://www.openwall.com/lists/oss-security/2020/09/28/3