Resource Leak Vulnerability in DPDK by Intel
CVE-2020-10726

6MEDIUM

Key Information:

Vendor: [unknown]
Status: Dpdk
Vendor: CVE Published:; 20 May 2020

What is CVE-2020-10726?

A vulnerability discovered in DPDK versions 19.11 and higher allows a malicious container with direct access to the vhost-user socket to continuously send VHOST_USER_GET_INFLIGHT_FD messages. This behavior can lead to an accumulation of file descriptors and virtual memory, potentially resulting in a denial of service condition. Users of this software are encouraged to monitor their systems and apply necessary updates to mitigate the risk associated with this vulnerability.

Affected Version(s)

dpdk 20.02.1

dpdk 19.11.2

References

http://lists.opensuse.org/opensuse-security-announce/2020...

vendor-advisoryx_refsource_SUSE

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://www.openwall.com/lists/oss-security/2020/05/18/2

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2020
Vulnerability Reserved
Mar 20, 2020

[unknown]

What is CVE-2020-10726?

Affected Version(s)

References

CVSS V3.1

Timeline