
404 matches found

BDU FSTEC
added 2021/02/16 12:0 a.m. | 1 views

The vulnerability of the vhost-user module in the library and driver set for fast packet processing in dpdk allows an attacker to cause a service failure.

The vulnerability of the vhost-user module in the library and driver set for fast packet processing in dpdk is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 6 | AI score 6.6 | EPSS 0.00473
Exploits 0 | References 9 | Affected Software 7
RedHat Linux
added 2020/11/04 1:55 a.m. | 4 views

dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service...

CVSS 6 | AI score 7.1 | EPSS 0.00473
Exploits 0 | References 6
AlmaLinux
added 2020/11/03 12:37 p.m. | 51 views

Important: dpdk security, bug fix, and enhancement update

The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. The following packages have been upgraded to a later upstream version: dpdk 19.11.3. BZ1824905 Security Fixes: dpdk: librte_vhost Malicious guest could...

CVSS 4.6 | AI score 2.4 | EPSS 0.02213
Exploits 0 | References 4
CNVD
added 2020/10/09 12:0 a.m. | 2 views

DPDK iv_data Buffer Overflow Vulnerability

DPDK is a data plane development kit for Linux-based platforms. An iv_data buffer overflow vulnerability exists in DPDK. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and write operations being...

CVSS 7.8 | AI score 7.9 | EPSS 0.0039
Exploits 0 | References 1
OSV
added 2020/09/30 7:15 p.m. | 2 views

DEBIAN-CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst...

CVSS 7.8 | AI score 7.7 | EPSS 0.0039
Exploits 0 | References 1
OSV
added 2020/09/30 7:15 p.m. | 2 views

DEBIAN-CVE-2020-14378

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the move_desc function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause move_desc to get stuck in a 4,294,967,295-count iteration loop. Depending on how vhost_crypto is...

CVSS 3.3 | AI score 5.7 | EPSS 0.00392
Exploits 0 | References 1
OSV
added 2020/09/30 7:15 p.m. | 2 views

DEBIAN-CVE-2020-14375

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe, are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validate...

CVSS 7.8 | AI score 7.2 | EPSS 0.00247
Exploits 0 | References 1
RedHat Linux
added 2020/09/30 2:53 p.m. | 2 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

CVSS 6.7 | AI score 7.1 | EPSS 0.00378
Exploits 0 | References 6
OSV
added 2020/09/28 4:32 p.m. | 5 views

USN-4550-1 dpdk vulnerabilities

Ryan Hall discovered that DPDK incorrectly handled vhost crypto. An attacker inside a guest could use these issues to perform multiple attacks, including denial of service attacks, obtaining sensitive information from the host, and possibly executing arbitrary code on the host...

CVSS 8.8 | AI score 7.4 | EPSS 0.00424
Exploits 0 | References 6
OSV
added 2020/09/28 3:0 p.m. | 0 views

UBUNTU-CVE-2020-14377

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an...

CVSS 7.1 | AI score 7.2 | EPSS 0.00406
Exploits 0 | References 3
OSV
added 2020/09/28 3:0 p.m. | 1 views

UBUNTU-CVE-2020-14376

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as syst...

CVSS 7.8 | AI score 7.5 | EPSS 0.0039
Exploits 0 | References 3
OSV
added 2020/09/28 3:0 p.m. | 1 views

UBUNTU-CVE-2020-14374

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this...

CVSS 8.8 | AI score 7.4 | EPSS 0.00424
Exploits 0 | References 3
BDU FSTEC
added 2020/08/14 12:0 a.m. | 1 views

The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the `vhost_user_set_log_base` function in libraries and drivers for fast packet processing in DPDK lies in a potential integer overflow. Exploiting this vulnerability could allow an attacker to access confidential data, compromise its integrity, and even cause service failures...

CVSS 7.2 | AI score 7 | EPSS 0.00378
Exploits 0 | References 9 | Affected Software 6
CVE
added 2020/08/05 8:15 p.m. | 39 views

CVE-2020-15127

Contour (Ingress controller for Kubernetes) prior to version 1.7.0 is affected by a DoS that lets a network attacker shut down all Envoy instances. The vulnerability arises from an unauthenticated /shutdown endpoint on port 8090 of the Envoy pod, which triggers Envoy shutdown and flips the readin...

CVSS 7.5 | AI score 7.5 | EPSS 0.01375
Exploits 0 | References 2 | Affected Software 1
AlpineLinux
added 2020/08/05 8:15 p.m. | 3 views

CVE-2020-15127

In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

CVSS 7.5 | AI score 7.5 | EPSS 0.01375
Exploits 0 | References 2
RedHat Linux
added 2020/06/23 2:27 p.m. | 0 views

dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

CVSS 6.7 | AI score 7.1 | EPSS 0.00378
Exploits 0 | References 6
RedHat Linux
added 2020/06/23 2:27 p.m. | 4 views

dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base could result in a smaller memory map than requested, possibly allowing memory corruption...

CVSS 6.7 | AI score 7.2 | EPSS 0.00378
Exploits 0 | References 6
Arista
added 2020/06/03 12:0 a.m. | 34 views

Security Advisory 0049

Date: June 3, 2020
Version: 1.0

Revision | Date | Changes
---|---|---
1.0 | June 3, 2020 | Initial Release

The CVE-ID tracking this issue: CVE-2020-11622
CVSSv3.1 Base Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description: This security advisory documents the...

CVSS 7.5 | AI score 7.5 | EPSS 0.01277
Exploits 0
Fedora
added 2020/05/28 4:15 a.m. | 33 views

[SECURITY] Fedora 32 Update: dpdk-19.11.1-2.fc32

The Data Plane Development Kit is a set of libraries and drivers for fast packet processing in the user space...

CVSS 7.7 | AI score 3.8 | EPSS 0.02213
Exploits 0
RedHat Linux
added 2020/05/26 3:15 p.m. | 5 views

dpdk: librte_vhost Integer overflow in vhost_user_set_log_base()

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base could result in a smaller memory map than requested, possibly allowing memory corruption...

CVSS 6.7 | AI score 7.2 | EPSS 0.00378
Exploits 0 | References 6