NVD Vulnerability Detail

CVE-2020-14374

Summary	A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Publication Date	Oct. 1, 2020, 5:15 a.m.
Registration Date	Jan. 26, 2021, 11:52 a.m.
Last Update	Nov. 21, 2024, 2:03 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:dpdk:data_plane_development_kit::::::::	19.02			19.11.5
cpe:2.3:a:dpdk:data_plane_development_kit::::::::	18.02.1			18.11.10

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
cpe:2.3:o:opensuse:leap:15.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	Mailing List Third Party Advisory
5	http://www.openwall.com/lists/oss-security/2021/01/04/1	Mailing List Patch Third Party Advisory
6	http://www.openwall.com/lists/oss-security/2021/01/04/1	Mailing List Patch Third Party Advisory
7	http://www.openwall.com/lists/oss-security/2021/01/04/2	Mailing List Patch Third Party Advisory
8	http://www.openwall.com/lists/oss-security/2021/01/04/2	Mailing List Patch Third Party Advisory
9	http://www.openwall.com/lists/oss-security/2021/01/04/5	Mailing List Third Party Advisory
10	http://www.openwall.com/lists/oss-security/2021/01/04/5	Mailing List Third Party Advisory
11	https://bugzilla.redhat.com/show_bug.cgi?id=1879466	Issue Tracking Tool Signature
12	https://bugzilla.redhat.com/show_bug.cgi?id=1879466	Issue Tracking Tool Signature
13	https://www.openwall.com/lists/oss-security/2020/09/28/3	Mailing List Patch Third Party Advisory
14	https://www.openwall.com/lists/oss-security/2020/09/28/3	Mailing List Patch Third Party Advisory

Common Vulnerabilities List

JVN Vulnerability Information

dpdk における古典的バッファオーバーフローの脆弱性

Title	dpdk における古典的バッファオーバーフローの脆弱性
Summary	dpdk には、古典的バッファオーバーフローの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 28, 2020, midnight
Registration Date	April 21, 2021, 3:14 p.m.
Last Update	April 21, 2021, 3:14 p.m.

Affected System

Canonical

Ubuntu

openSUSE project

openSUSE Leap

DPDK

DPDK 18.11.10 未満

DPDK 19.11.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-14374	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14374
National Vulnerability Database (NVD)
2	CVE-2020-14374	https://nvd.nist.gov/vuln/detail/CVE-2020-14374
関連文書
3	CVE-2020-14374 dpdk: remote Code Execution in vhost_crypto (VM Escape)	https://bugzilla.redhat.com/show_bug.cgi?id=1879466

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-120	https://cwe.mitre.org/data/definitions/120.html

ベンダー情報

その他

No	Name	URL
関連文書
1	DPDK security advisory for multiple vhost crypto issues	https://www.openwall.com/lists/oss-security/2020/09/28/3

Change Log

No	Changed Details	Date of change
1	[2021年04月21日] 掲載	April 21, 2021, 3:14 p.m.