rpm package
suse/dpdk-thunderx&distro=SUSE Linux Enterprise Server 15-LTSS
pkg:rpm/suse/dpdk-thunderx&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2132 | — | < 18.11.9-150000.3.32.2 | 18.11.9-150000.3.32.2 | Aug 31, 2022 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||
| CVE-2020-14374 | — | < 18.11.9-3.25.1 | 18.11.9-3.25.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest thr | ||
| CVE-2020-14377 | — | < 18.11.9-3.25.1 | 18.11.9-3.25.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can | ||
| CVE-2020-14376 | — | < 18.11.9-3.25.1 | 18.11.9-3.25.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integri | ||
| CVE-2020-14375 | — | < 18.11.9-3.25.1 | 18.11.9-3.25.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_c | ||
| CVE-2020-14378 | — | < 18.11.9-3.25.1 | 18.11.9-3.25.1 | Sep 30, 2020 | An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending | ||
| CVE-2020-10725 | — | < 18.11.3-3.19.2 | 18.11.3-3.19.2 | May 20, 2020 | A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a miss | ||
| CVE-2020-10726 | — | < 18.11.3-3.19.2 | 18.11.3-3.19.2 | May 20, 2020 | A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of s | ||
| CVE-2020-10722 | — | < 18.11.3-3.19.2 | 18.11.3-3.19.2 | May 19, 2020 | A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | ||
| CVE-2020-10723 | — | < 18.11.3-3.19.2 | 18.11.3-3.19.2 | May 19, 2020 | A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possibl | ||
| CVE-2020-10724 | — | < 18.11.3-3.19.2 | 18.11.3-3.19.2 | May 19, 2020 | A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. |
- CVE-2022-2132Aug 31, 2022affected < 18.11.9-150000.3.32.2fixed 18.11.9-150000.3.32.2
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- CVE-2020-14374Sep 30, 2020affected < 18.11.9-3.25.1fixed 18.11.9-3.25.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest thr
- CVE-2020-14377Sep 30, 2020affected < 18.11.9-3.25.1fixed 18.11.9-3.25.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can
- CVE-2020-14376Sep 30, 2020affected < 18.11.9-3.25.1fixed 18.11.9-3.25.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integri
- CVE-2020-14375Sep 30, 2020affected < 18.11.9-3.25.1fixed 18.11.9-3.25.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_c
- CVE-2020-14378Sep 30, 2020affected < 18.11.9-3.25.1fixed 18.11.9-3.25.1
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending
- CVE-2020-10725May 20, 2020affected < 18.11.3-3.19.2fixed 18.11.3-3.19.2
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a miss
- CVE-2020-10726May 20, 2020affected < 18.11.3-3.19.2fixed 18.11.3-3.19.2
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of s
- CVE-2020-10722May 19, 2020affected < 18.11.3-3.19.2fixed 18.11.3-3.19.2
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
- CVE-2020-10723May 19, 2020affected < 18.11.3-3.19.2fixed 18.11.3-3.19.2
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possibl
- CVE-2020-10724May 19, 2020affected < 18.11.3-3.19.2fixed 18.11.3-3.19.2
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.