rpm package
suse/dpdk&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3
pkg:rpm/suse/dpdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10722 | — | < 16.11.9-8.15.13 | 16.11.9-8.15.13 | May 19, 2020 | A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | ||
| CVE-2019-14818 | — | < 16.11.9-8.15.13 | 16.11.9-8.15.13 | Nov 14, 2019 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory | ||
| CVE-2018-3646 | — | < 16.11.6-8.7.2 | 16.11.6-8.7.2 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis | ||
| CVE-2018-3620 | — | < 16.11.6-8.7.2 | 16.11.6-8.7.2 | Aug 14, 2018 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | ||
| CVE-2018-5390 | — | < 16.11.6-8.7.2 | 16.11.6-8.7.2 | Aug 6, 2018 | Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | ||
| CVE-2018-14734 | — | < 16.11.6-8.7.2 | 16.11.6-8.7.2 | Jul 29, 2018 | drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). | ||
| CVE-2017-18344 | — | < 16.11.6-8.7.2 | 16.11.6-8.7.2 | Jul 26, 2018 | The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows | ||
| CVE-2018-1059 | — | < 16.11.6-8.4.2 | 16.11.6-8.4.2 | Apr 24, 2018 | The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memo |
- CVE-2020-10722May 19, 2020affected < 16.11.9-8.15.13fixed 16.11.9-8.15.13
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
- CVE-2019-14818Nov 14, 2019affected < 16.11.9-8.15.13fixed 16.11.9-8.15.13
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory
- CVE-2018-3646Aug 14, 2018affected < 16.11.6-8.7.2fixed 16.11.6-8.7.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
- CVE-2018-3620Aug 14, 2018affected < 16.11.6-8.7.2fixed 16.11.6-8.7.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
- CVE-2018-5390Aug 6, 2018affected < 16.11.6-8.7.2fixed 16.11.6-8.7.2
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
- CVE-2018-14734Jul 29, 2018affected < 16.11.6-8.7.2fixed 16.11.6-8.7.2
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).
- CVE-2017-18344Jul 26, 2018affected < 16.11.6-8.7.2fixed 16.11.6-8.7.2
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows
- CVE-2018-1059Apr 24, 2018affected < 16.11.6-8.4.2fixed 16.11.6-8.4.2
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memo