Segmentation Fault Vulnerability in DPDK by Intel
CVE-2020-10725

7.7HIGH

Key Information:

Vendor: [unknown]
Status: Dpdk
Vendor: CVE Published:; 20 May 2020

What is CVE-2020-10725?

A flaw in DPDK versions 19.11 and later allows an attacker to exploit the vhost-user backend application on the host. This vulnerability stems from a missing validity check in the virtio_dev_rx_batch_packed() function, which can lead to segmentation faults. As a result, the affected application may become unstable, causing loss of connectivity for other virtual guests on the same host. This vulnerability poses risks to the overall functionality and security of virtualized environments utilizing DPDK.

Affected Version(s)

dpdk 20.02.1

dpdk 19.11.2

References

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://www.openwall.com/lists/oss-security/2020/05/18/2

x_refsource_MISC

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2020
Vulnerability Reserved
Mar 20, 2020

[unknown]

What is CVE-2020-10725?

Affected Version(s)

References

CVSS V3.1

Timeline