Описание
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
A flaw was found in dpdk where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Отчет
The dpdk package within Red Hat OpenStack Platform 10 has been superseded by the version included with RHEL Extras, fixes for dpdk will be consumed from here.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Fast Datapath for RHEL 7 | openvswitch2.10 | Will not fix | ||
| Fast Datapath for RHEL 8 | openvswitch | Not affected | ||
| Fast Datapath for RHEL 8 | openvswitch2.10 | Not affected | ||
| Red Hat Ceph Storage 3 | ceph | Not affected | ||
| Red Hat Ceph Storage 4 | ceph | Affected | ||
| Red Hat OpenStack Platform 10 (Newton) | dpdk | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | openvswitch | Out of support scope | ||
| Red Hat OpenStack Platform 14 (Rocky) | openvswitch | Out of support scope | ||
| Fast Datapath for Red Hat Enterprise Linux 7 | openvswitch | Fixed | RHSA-2020:0165 | 21.01.2020 |
| Fast Datapath for Red Hat Enterprise Linux 7 | openvswitch2.11 | Fixed | RHSA-2020:0166 | 21.01.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x bef ...
EPSS
7.5 High
CVSS3