First published: Tue Apr 28 2020
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
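The bug class behind this advisory is a vhost-user backend that translates guest-supplied descriptor addresses into host pointers and then writes through them without checking that the translation succeeded. The following C example, added here as an illustration and not code from DPDK or from this advisory, models that pattern with a constructed memory table and a four-descriptor packed-ring batch: `rx_batch_unchecked` has the shape of the flaw, `rx_batch_checked` shows the validation a backend needs, and `rx_demo` runs the hardened path against a well-formed batch and against one where the guest pointed a descriptor outside its registered memory. Struct layouts, `BATCH_SIZE`, the region table and the `0xdead0000` address are all assumptions chosen for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BATCH_SIZE 4   /* assumption: descriptors handled per batch */

/* Guest memory region as the backend records it from the front-end's
 * memory table (constructed, simplified model of a real backend's state). */
struct mem_region {
    uint64_t gpa;   /* guest-physical start of the region */
    uint64_t size;
    uint8_t *host;  /* where the region is mapped in the backend process */
};

struct guest_mem {
    struct mem_region region[2];
    size_t nregions;
};

/* Packed-ring descriptor as the guest writes it into shared memory; every
 * field is attacker-controlled from the backend's point of view. */
struct packed_desc {
    uint64_t addr;
    uint32_t len;
    uint16_t id;
    uint16_t flags;
};

/* Translate guest-physical [gpa, gpa+len) to a host pointer. Returns NULL if
 * the range is empty, wraps, or is not wholly inside one registered region. */
uint8_t *gpa_to_hva(const struct guest_mem *mem, uint64_t gpa, uint64_t len)
{
    if (len == 0 || gpa + len < gpa)
        return NULL;
    for (size_t i = 0; i < mem->nregions; i++) {
        const struct mem_region *r = &mem->region[i];
        if (gpa >= r->gpa && gpa + len <= r->gpa + r->size)
            return r->host + (gpa - r->gpa);
    }
    return NULL;
}

/* Vulnerable shape: translate every descriptor, then write through the
 * results without looking at them. A descriptor the guest pointed outside
 * its memory translates to NULL and the memcpy faults, taking the whole
 * backend (and every other guest it serves) down with it. Never call this
 * on untrusted input; it is here only to show the missing check. */
int rx_batch_unchecked(const struct guest_mem *mem, const struct packed_desc *d,
                       const uint8_t *pkt, uint32_t pkt_len)
{
    uint8_t *dst[BATCH_SIZE];
    for (int i = 0; i < BATCH_SIZE; i++)
        dst[i] = gpa_to_hva(mem, d[i].addr, d[i].len);
    for (int i = 0; i < BATCH_SIZE; i++)
        memcpy(dst[i], pkt, pkt_len);   /* dst[i] may be NULL */
    return (int)(BATCH_SIZE * pkt_len);
}

/* Hardened shape: validate every translation (and, as an extra check, that
 * each buffer can hold the packet) before touching memory; refuse the whole
 * batch with -1 so the caller can drop it or fall back to a slower path. */
int rx_batch_checked(const struct guest_mem *mem, const struct packed_desc *d,
                     const uint8_t *pkt, uint32_t pkt_len)
{
    uint8_t *dst[BATCH_SIZE];
    for (int i = 0; i < BATCH_SIZE; i++) {
        dst[i] = gpa_to_hva(mem, d[i].addr, d[i].len);
        if (dst[i] == NULL || d[i].len < pkt_len)
            return -1;
    }
    for (int i = 0; i < BATCH_SIZE; i++)
        memcpy(dst[i], pkt, pkt_len);
    return (int)(BATCH_SIZE * pkt_len);
}

/* Constructed fixture: one 4 KiB region at guest-physical 0x10000, four
 * 256-byte buffers inside it, and a 64-byte packet to deliver. When
 * `hostile` is set, descriptor 2 is pointed outside any registered region,
 * which a malicious guest is free to do. */
static uint8_t g_backing[4096];

int rx_demo(int hostile)
{
    struct guest_mem mem = { .nregions = 1 };
    mem.region[0] = (struct mem_region){ .gpa = 0x10000,
                                         .size = sizeof g_backing,
                                         .host = g_backing };
    struct packed_desc d[BATCH_SIZE];
    for (int i = 0; i < BATCH_SIZE; i++)
        d[i] = (struct packed_desc){ .addr = 0x10000 + 256u * i, .len = 256,
                                     .id = (uint16_t)i, .flags = 0 };
    if (hostile)
        d[2].addr = 0xdead0000;
    uint8_t pkt[64];
    memset(pkt, 0xab, sizeof pkt);
    /* The checked path returns 256 for the good batch and -1 for the hostile
     * one; rx_batch_unchecked on the hostile batch would segfault here. */
    return rx_batch_checked(&mem, d, pkt, sizeof pkt);
}
```

The important design point is ordering: all translations are validated before the first byte is copied, so a bad descriptor anywhere in the batch cannot leave the ring half-processed, and the failure is reported to the caller rather than tearing down a process that is shared by every guest on the host.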
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/openvswitch2.13 | <0:2.13.0-25.el8fd | 0:2.13.0-25.el8fd |
redhat/dpdk | <0:19.11.3-1.el8 | 0:19.11.3-1.el8 |
redhat/dpdk | <0:19.11-5.el8_2 | 0:19.11-5.el8_2 |
Dpdk Data Plane Development Kit | <=19.11 | |
Fedoraproject Fedora | =32 | |
openSUSE Leap | =15.1 | |
Oracle Enterprise Communications Broker | =3.1.0 | |
Oracle Enterprise Communications Broker | =3.2.0 | |
ubuntu/dpdk | <19.11.1-0ubuntu1.1 | 19.11.1-0ubuntu1.1 |
ubuntu/dpdk | <19.11.2 | 19.11.2 |
ubuntu/dpdk | <18.11.8 | 18.11.8 |
ubuntu/dpdk | <20.02.1 | 20.02.1 |
redhat/dpdk | <20.02.1 | 20.02.1 |
redhat/dpdk | <19.11.2 | 19.11.2 |
debian/dpdk | 18.11.11-1~deb10u1, 18.11.11-1~deb10u2, 20.11.10-1~deb11u1, 20.11.6-1~deb11u1, 22.11.4-1~deb12u1, 23.11-1 | |
CVE-2020-10725 is a vulnerability found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, resulting in a loss of connectivity for other guests on the host.
CVE-2020-10725 has a CVSS base score of 7.7 (High).
DPDK version 19.11 and above are affected by CVE-2020-10725.
To fix CVE-2020-10725, update DPDK to a release that contains the fix for your branch (19.11.2 for the 19.11 series, 20.02.1 for the 20.02 series), or install the patched vendor packages listed in the table above.
You can find more information about CVE-2020-10725 at the following references: [link1], [link2], [link3].