rpm package
suse/dpdk-thunderx&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/dpdk-thunderx&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2132 | — | < 18.11.9-3.24.1 | 18.11.9-3.24.1 | Aug 31, 2022 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||
| CVE-2020-14374 | — | < 18.11.9-3.15.1 | 18.11.9-3.15.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest thr | ||
| CVE-2020-14377 | — | < 18.11.9-3.15.1 | 18.11.9-3.15.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can | ||
| CVE-2020-14376 | — | < 18.11.9-3.15.1 | 18.11.9-3.15.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integri | ||
| CVE-2020-14375 | — | < 18.11.9-3.15.1 | 18.11.9-3.15.1 | Sep 30, 2020 | A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_c | ||
| CVE-2020-14378 | — | < 18.11.9-3.15.1 | 18.11.9-3.15.1 | Sep 30, 2020 | An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending | ||
| CVE-2020-10722 | — | < 18.11.3-3.9.2 | 18.11.3-3.9.2 | May 19, 2020 | A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. | ||
| CVE-2020-10723 | — | < 18.11.3-3.9.2 | 18.11.3-3.9.2 | May 19, 2020 | A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possibl | ||
| CVE-2020-10724 | — | < 18.11.3-3.9.2 | 18.11.3-3.9.2 | May 19, 2020 | A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. | ||
| CVE-2019-14818 | — | < 18.11.3-3.6.1 | 18.11.3-3.6.1 | Nov 14, 2019 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory |
- CVE-2022-2132Aug 31, 2022affected < 18.11.9-3.24.1fixed 18.11.9-3.24.1
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- CVE-2020-14374Sep 30, 2020affected < 18.11.9-3.15.1fixed 18.11.9-3.15.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest thr
- CVE-2020-14377Sep 30, 2020affected < 18.11.9-3.15.1fixed 18.11.9-3.15.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can
- CVE-2020-14376Sep 30, 2020affected < 18.11.9-3.15.1fixed 18.11.9-3.15.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integri
- CVE-2020-14375Sep 30, 2020affected < 18.11.9-3.15.1fixed 18.11.9-3.15.1
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_c
- CVE-2020-14378Sep 30, 2020affected < 18.11.9-3.15.1fixed 18.11.9-3.15.1
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending
- CVE-2020-10722May 19, 2020affected < 18.11.3-3.9.2fixed 18.11.3-3.9.2
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
- CVE-2020-10723May 19, 2020affected < 18.11.3-3.9.2fixed 18.11.3-3.9.2
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possibl
- CVE-2020-10724May 19, 2020affected < 18.11.3-3.9.2fixed 18.11.3-3.9.2
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
- CVE-2019-14818Nov 14, 2019affected < 18.11.3-3.6.1fixed 18.11.3-3.6.1
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory