Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-14375
HistorySep 30, 2020 - 7:15 p.m.

CVE-2020-14375

2020-09-3019:15:12
CWE-367
[email protected]
web.nvd.nist.gov
7
dpdk
virtual machine
data confidentiality
integrity
system availability
vhost_crypto
virtio ring descriptors
memory vulnerability

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0

Percentile

14.2%

JSON

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected configurations

Nvd
Node
dpdkdata_plane_development_kitRange18.02.118.11.10
OR
dpdkdata_plane_development_kitRange19.0219.11.5
Node
canonicalubuntu_linuxMatch20.04lts
OR
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
VendorProductVersionCPE
dpdkdata_plane_development_kit*cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Related

veracode 1
ubuntucve 1
prion 1
cve 1
debiancve 1
cvelist 1
redhatcve 1
nessus 12
openvas 13
ubuntu 1
osv 2
suse 2
veracode
veracode
Information Disclosure
2020-09-29 03:45:55
ubuntucve
ubuntucve
CVE-2020-14375
2020-09-28 00:00:00
prion
prion
Design/Logic Flaw
2020-09-30 19:15:00
cve
cve
CVE-2020-14375
2020-09-30 19:15:12
debiancve
debiancve
CVE-2020-14375
2020-09-30 19:15:12
cvelist
cvelist
CVE-2020-14375
2020-09-30 18:42:58
redhatcve
redhatcve
CVE-2020-14375
2020-09-29 14:41:11
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : spdk (EulerOS-SA-2021-1043)
2021-01-05 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : spdk (EulerOS-SA-2021-1528)
2021-03-04 00:00:00
SUSE SLES15 Security Update : dpdk (SUSE-SU-2020:2769-1)
2020-12-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for spdk (EulerOS-SA-2021-1528)
2021-03-05 00:00:00
Huawei EulerOS: Security Advisory for spdk (EulerOS-SA-2021-1043)
2021-01-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2767-1)
2021-04-19 00:00:00
ubuntu
ubuntu
DPDK vulnerabilities
2020-09-28 00:00:00
osv
osv
dpdk vulnerabilities
2020-09-28 16:32:13
dpdk-19.11.8-2.7 on GA media
2024-06-15 00:00:00
suse
suse
Security update for dpdk (critical)
2020-10-03 00:00:00
Security update for dpdk (critical)
2020-10-04 00:00:00

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0

Percentile

14.2%

JSON
Related for NVD:CVE-2020-14375
veracode1ubuntucve1prion1cve1debiancve1cvelist1redhatcve1nessus12openvas13ubuntu1osv2suse2