Memory Corruption in DPDK Products by DPDK Vendor
CVE-2020-10723

5.1MEDIUM

Key Information:

Vendor: [unknown]
Status: Dpdk
Vendor: CVE Published:; 19 May 2020

What is CVE-2020-10723?

A memory corruption vulnerability exists in DPDK where an integer truncation occurs on the index of a payload. This flaw is primarily seen in DPDK versions 17.05 and later. Under specific conditions, a UInt index is improperly copied and truncated to a uint16, potentially allowing for out-of-bounds accesses, which can lead to memory corruption issues. This vulnerability may risk both system stability and security, necessitating immediate attention from users of the affected DPDK versions.

Affected Version(s)

dpdk 20.02.1

dpdk 19.11.2

dpdk 18.11.8

References

https://usn.ubuntu.com/4362-1/

vendor-advisoryx_refsource_UBUNTU

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2020
Vulnerability Reserved
Mar 20, 2020

[unknown]

What is CVE-2020-10723?

Affected Version(s)

References

CVSS V3.1

Timeline