Lucene search

RedhatCVE-2019-14818

HistoryNov 14, 2019 - 5:15 p.m.

CVE-2019-14818

2019-11-1417:15:14

CWE-401

redhat

web.nvd.nist.gov

114

cve-2019-14818

dpdk

version 17.x.x

version 16.x.x

version 18.x.x

version 19.x.x

vring_set_num

memory leak

denial of service

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

0.006

Percentile

78.7%

JSON

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Affected configurations

Nvd

Vulners

Node

dpdkdata_plane_development_kitRange16.04–16.11.10

dpdkdata_plane_development_kitRange17.02–17.11.8

dpdkdata_plane_development_kitRange18.02–18.11.4

dpdkdata_plane_development_kitRange19.02–19.08.1

Node

redhatenterprise_linux_fast_datapathMatch7.0

redhatenterprise_linux_fast_datapathMatch8.0

redhatopenstackMatch10

redhatvirtualization_eusMatch4.2

Node

fedoraprojectfedoraMatch31

VendorProductVersionCPE
dpdkdata_plane_development_kit*cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*
redhatenterprise_linux_fast_datapath7.0cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_fast_datapath8.0cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*
redhatopenstack10cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
redhatvirtualization_eus4.2cpe:2.3:a:redhat:virtualization_eus:4.2:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dpdk	data_plane_development_kit	*	cpe:2.3:a:dpdk:data_plane_development_kit::::::::
redhat	enterprise_linux_fast_datapath	7.0	cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:::::::*
redhat	enterprise_linux_fast_datapath	8.0	cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:::::::*
redhat	openstack	10	cpe:2.3:a:redhat:openstack:10:::::::*
redhat	virtualization_eus	4.2	cpe:2.3:a:redhat:virtualization_eus:4.2:::::::*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*

CNA Affected

[
  {
    "vendor": "DPDK",
    "product": "dpdk",
    "versions": [
      {
        "version": "all dpdk version 17.x.x before 17.11.8",
        "status": "affected"
      },
      {
        "version": "all dpdk version 16.x.x before 16.11.10",
        "status": "affected"
      },
      {
        "version": "all dpdk version 18.x.x before 18.11.4",
        "status": "affected"
      },
      {
        "version": "all dpdk version 19.x.x before 19.08.1",
        "status": "affected"
      }
    ]
  }
]