Data Plane Development Kit Security Vulnerabilities and Issues — Data Plane Development Kit CVE List

Lucene search

DpdkData Plane Development Kit

5 matches found

CVE•added 2020/05/19 7:15 p.m.•226 views

CVE-2020-10723

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption...

6.7CVSS6.8AI score0.00198EPSS

CVE•added 2020/05/19 7:15 p.m.•215 views

CVE-2020-10722

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.

6.7CVSS7AI score0.00198EPSS

CVE•added 2020/05/19 7:15 p.m.•182 views

CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

5.1CVSS5.7AI score0.00088EPSS

CVE•added 2020/05/20 2:15 p.m.•171 views

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check ...

7.7CVSS7.3AI score0.00683EPSS

CVE•added 2020/05/20 2:15 p.m.•165 views

CVE-2020-10726

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

6CVSS5.4AI score0.00112EPSS