Integer Overflow Vulnerability in DPDK Affects Multiple Versions
CVE-2020-10722

5.1MEDIUM

Key Information:

Vendor: [unknown]
Status: Dpdk
Vendor: CVE Published:; 19 May 2020

What is CVE-2020-10722?

A vulnerability has been identified in Data Plane Development Kit (DPDK) affecting versions 18.05 and later. This issue arises from a missing validation for integer overflow in the function vhost_user_set_log_base(). As a consequence, the memory map size requested may be smaller than intended, potentially leading to memory corruption. This could expose systems to a range of risks, including unauthorized access or unexpected behavior. It's imperative for users to update to patched versions to mitigate this risk.

Affected Version(s)

dpdk 20.02.1

dpdk 19.11.2

dpdk 18.11.8

References

https://usn.ubuntu.com/4362-1/

vendor-advisoryx_refsource_UBUNTU

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2020
Vulnerability Reserved
Mar 20, 2020

[unknown]

What is CVE-2020-10722?

Affected Version(s)

References

CVSS V3.1

Timeline