dpdk up to 18.11.9/19.11.4 Guest Virtual Machine Memory Parameter out-of-bounds
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.6 | $0-$5k | 0.00 |
A vulnerability was found in dpdk up to 18.11.9/19.11.4. It has been rated as problematic. Affected by this issue is some unknown processing of the component Guest Virtual Machine Memory Handler. Manipulation of a parameter leads to an out-of-bounds vulnerability. The CWE classification for the problem is CWE-125: the product reads data past the end, or before the beginning, of the intended buffer. Confidentiality is impacted. The CVE summary reads:
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.
The weakness was presented on 09/30/2020 as Bug 1879472, a bug report (Bugzilla) whose status is not defined. The advisory is available at bugzilla.redhat.com. This vulnerability has been handled as CVE-2020-14377 since 06/17/2020. The technical details are unknown and an exploit is not available.
Upgrading to version 18.11.10 or 19.11.5 eliminates this vulnerability.
See 162099, 162097, 162096 and 162095 for similar entries.
Product
Name
Version
- 18.11.0
- 18.11.1
- 18.11.2
- 18.11.3
- 18.11.4
- 18.11.5
- 18.11.6
- 18.11.7
- 18.11.8
- 18.11.9
- 19.11.0
- 19.11.1
- 19.11.2
- 19.11.3
- 19.11.4
CVSSv3
VulDB Meta Base Score: 5.8
VulDB Meta Temp Score: 5.8
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
NVD Base Score: 8.4
Exploiting
Class: Out-of-bounds
CWE: CWE-125 / CWE-119
Local: Yes
Remote: No
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: dpdk 18.11.10/19.11.5
Timeline
06/17/2020
09/30/2020
10/01/2020
11/15/2020
Sources
Advisory: Bug 1879472
Status: Not defined
CVE: CVE-2020-14377
Entry
Created: 10/01/2020 09:32
Updated: 11/15/2020 06:46
Changes: 10/01/2020 09:32 (41), 10/01/2020 09:37 (3), 11/14/2020 09:31 (5), 11/15/2020 06:46 (14)