rpm package
opensuse/dpdk&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/dpdk&distro=openSUSE%20Leap%2015.2
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14374 | — | < 19.11.4-lp152.2.8.1 | 19.11.4-lp152.2.8.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest thr | ||
| CVE-2020-14377 | — | < 19.11.4-lp152.2.8.1 | 19.11.4-lp152.2.8.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can | ||
| CVE-2020-14376 | — | < 19.11.4-lp152.2.8.1 | 19.11.4-lp152.2.8.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integri | ||
| CVE-2020-14375 | — | < 19.11.4-lp152.2.8.1 | 19.11.4-lp152.2.8.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_c | ||
| CVE-2020-14378 | — | < 19.11.4-lp152.2.8.1 | 19.11.4-lp152.2.8.1 | Sep 30, 2020 | An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending | ||
| CVE-2020-10781 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | Sep 16, 2020 | A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not acco | ||
| CVE-2020-14331 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | Sep 15, 2020 | A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA cons | ||
| CVE-2020-14356 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | Aug 19, 2020 | A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system. | ||
| CVE-2020-16166 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | Jul 30, 2020 | The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | ||
| CVE-2020-0305 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | Jul 17, 2020 | In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-15346 | ||
| CVE-2020-15780 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | Jul 15, 2020 | An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. | ||
| CVE-2020-10135 | — | < 19.11.1-lp152.2.5.1 | 19.11.1-lp152.2.5.1 | May 19, 2020 | Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona |
- CVE-2020-14374Sep 30, 2020affected < 19.11.4-lp152.2.8.1fixed 19.11.4-lp152.2.8.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest thr
- CVE-2020-14377Sep 30, 2020affected < 19.11.4-lp152.2.8.1fixed 19.11.4-lp152.2.8.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can
- CVE-2020-14376Sep 30, 2020affected < 19.11.4-lp152.2.8.1fixed 19.11.4-lp152.2.8.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integri
- CVE-2020-14375Sep 30, 2020affected < 19.11.4-lp152.2.8.1fixed 19.11.4-lp152.2.8.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_c
- CVE-2020-14378Sep 30, 2020affected < 19.11.4-lp152.2.8.1fixed 19.11.4-lp152.2.8.1
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending
- CVE-2020-10781Sep 16, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not acco
- CVE-2020-14331Sep 15, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA cons
- CVE-2020-14356Aug 19, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system.
- CVE-2020-16166Jul 30, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.
- CVE-2020-0305Jul 17, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-15346
- CVE-2020-15780Jul 15, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
- CVE-2020-10135May 19, 2020affected < 19.11.1-lp152.2.5.1fixed 19.11.1-lp152.2.5.1
Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersona