Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:174966
[Rus]
Version
2
Class
patch
ALTXid
386988
Language
English
Severity
High
Title
ALT -- security update for dpdk-19.11.8-alt1
Description
Security update for dpdk-19.11.8-alt1.
Family
unix
Platform
ALT 8 SP
Product
dpdk
Reference
VENDOR: report-24062021-c9f2
VENDOR: report-24062021-c9f2
Id:
report-24062021-c9f2
Reference:
https://cve.basealt.ru/report-24062021-c9f2.html
CVE: CVE-2020-10722
CVE: CVE-2020-10722
Id:
CVE-2020-10722
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10722
Comment
: A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10722 (CONFIRM)
https://www.openwall.com/lists/oss-security/2020/05/18/2 (MISC)
https://bugs.dpdk.org/show_bug.cgi?id=267 (MISC)
USN-4362-1 (UBUNTU)
openSUSE-SU-2020:0693 (SUSE)
https://www.oracle.com/security-alerts/cpuoct2020.html (MISC)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
FEDORA-2020-04e3d34451 ()
CVE: CVE-2020-10723
CVE: CVE-2020-10723
Id:
CVE-2020-10723
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10723
Comment
: A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
6.7
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://www.openwall.com/lists/oss-security/2020/05/18/2 (MISC)
https://bugs.dpdk.org/show_bug.cgi?id=268 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10723 (CONFIRM)
USN-4362-1 (UBUNTU)
openSUSE-SU-2020:0693 (SUSE)
https://www.oracle.com/security-alerts/cpuoct2020.html (MISC)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
FEDORA-2020-04e3d34451 ()
CVE: CVE-2020-10724
CVE: CVE-2020-10724
Id:
CVE-2020-10724
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10724
Comment
: A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://bugs.dpdk.org/show_bug.cgi?id=269 (MISC)
https://www.openwall.com/lists/oss-security/2020/05/18/2 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10724 (CONFIRM)
USN-4362-1 (UBUNTU)
openSUSE-SU-2020:0693 (SUSE)
https://www.oracle.com/security-alerts/cpuoct2020.html (MISC)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
FEDORA-2020-04e3d34451 ()
CVE: CVE-2020-10725
CVE: CVE-2020-10725
Id:
CVE-2020-10725
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10725
Comment
: A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
CVSSv2 Score:
4
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSSv3 Score:
7.7
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE:
665 (Improper Initialization)
References:
https://www.openwall.com/lists/oss-security/2020/05/18/2 (MISC)
https://bugs.dpdk.org/show_bug.cgi?id=270 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725 (CONFIRM)
openSUSE-SU-2020:0693 (SUSE)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
FEDORA-2020-04e3d34451 ()
CVE: CVE-2020-10726
CVE: CVE-2020-10726
Id:
CVE-2020-10726
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10726
Comment
: A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
4.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://www.openwall.com/lists/oss-security/2020/05/18/2 (MISC)
https://bugs.dpdk.org/show_bug.cgi?id=271 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10726 (CONFIRM)
openSUSE-SU-2020:0693 (SUSE)
https://www.oracle.com/security-alerts/cpujan2021.html (MISC)
FEDORA-2020-04e3d34451 ()
CVE: CVE-2020-14374
CVE: CVE-2020-14374
Id:
CVE-2020-14374
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14374
Comment
: A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
8.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://www.openwall.com/lists/oss-security/2020/09/28/3 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1879466 (MISC)
openSUSE-SU-2020:1593 (SUSE)
openSUSE-SU-2020:1599 (SUSE)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues (MLIST)
CVE: CVE-2020-14375
CVE: CVE-2020-14375
Id:
CVE-2020-14375
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14375
Comment
: A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSSv2 Score:
4.4
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
References:
https://www.openwall.com/lists/oss-security/2020/09/28/3 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1879468 (MISC)
USN-4550-1 (UBUNTU)
openSUSE-SU-2020:1593 (SUSE)
openSUSE-SU-2020:1599 (SUSE)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues (MLIST)
CVE: CVE-2020-14376
CVE: CVE-2020-14376
Id:
CVE-2020-14376
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14376
Comment
: A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1879470 (MISC)
https://www.openwall.com/lists/oss-security/2020/09/28/3 (MISC)
USN-4550-1 (UBUNTU)
openSUSE-SU-2020:1593 (SUSE)
openSUSE-SU-2020:1599 (SUSE)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues (MLIST)
CVE: CVE-2020-14377
CVE: CVE-2020-14377
Id:
CVE-2020-14377
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14377
Comment
: A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.
CVSSv2 Score:
3.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1879472 (MISC)
https://www.openwall.com/lists/oss-security/2020/09/28/3 (MISC)
USN-4550-1 (UBUNTU)
openSUSE-SU-2020:1593 (SUSE)
openSUSE-SU-2020:1599 (SUSE)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues (MLIST)
CVE: CVE-2020-14378
CVE: CVE-2020-14378
Id:
CVE-2020-14378
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14378
Comment
: An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
LOW
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE:
191 (Integer Underflow (Wrap or Wraparound))
References:
https://www.openwall.com/lists/oss-security/2020/09/28/3 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1879473 (MISC)
USN-4550-1 (UBUNTU)
openSUSE-SU-2020:1593 (SUSE)
openSUSE-SU-2020:1599 (SUSE)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues (MLIST)
[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues (MLIST)
Content available only for registered users!
ovaldb@altx-soft.com