First published: Wed Sep 16 2020(Updated: )
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dpdk Data Plane Development Kit | >=18.02.1<18.11.10 | |
Dpdk Data Plane Development Kit | >=19.02<19.11.5 | |
Canonical Ubuntu Linux | =20.04 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
redhat/dpdk | <18.11.10 | 18.11.10 |
redhat/dpdk | <19.11.5 | 19.11.5 |
ubuntu/dpdk | <19.11.3-0ubuntu0.2 | 19.11.3-0ubuntu0.2 |
debian/dpdk | 20.11.10-1~deb11u1 20.11.6-1~deb11u1 22.11.5-1~deb12u1 23.11.1-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this flaw in dpdk is CVE-2020-14376.
The severity of CVE-2020-14376 is rated as high with a severity value of 7.8.
The highest threat from CVE-2020-14376 is to data confidentiality and integrity, as well as system.
Versions before 18.11.10 and before 19.11.5 of dpdk are affected by CVE-2020-14376.
To fix CVE-2020-14376, update dpdk to version 18.11.10 or 19.11.5 or later.