CVE-2020-10723

Опубликовано: 18 мая 2020

Источник: redhat

CVSS3: 6.7

Описание

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.

Отчет

This issue did not affect the versions of Ceph as shipped with Red Hat Ceph Storage 3 and 4, as they did not include support for DPDK.

Затронутые пакеты

Платформа	Пакет	Состояние
Fast Datapath for RHEL 7	openvswitch2.10	Will not fix
Fast Datapath for RHEL 7	openvswitch2.12	Will not fix
Fast Datapath for RHEL 7	openvswitch2.13	Not affected
Fast Datapath for RHEL 8	openvswitch2.12	Will not fix
Red Hat Ceph Storage 3	ceph	Not affected
Red Hat Ceph Storage 4	ceph	Not affected
Red Hat OpenStack Platform 10 (Newton)	openvswitch	Out of support scope
Red Hat OpenStack Platform 13 (Queens)	openvswitch	Affected
Red Hat OpenStack Platform 15 (Stein)	rhosp-openvswitch	Not affected
Red Hat OpenStack Platform 16 (Train)	rhosp-openvswitch	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1828874dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()

6.7 Medium

CVSS3

Связанные уязвимости

CVE-2020-10723

CVSS3: 5.1

ubuntu

больше 5 лет назад

CVE-2020-10723

CVSS3: 5.1

nvd

больше 5 лет назад

CVE-2020-10723

CVSS3: 5.1

msrc

5 месяцев назад

A memory corruption issue was found in DPDK versions 17.05 and above

CVE-2020-10723

CVSS3: 5.1

debian

больше 5 лет назад

A memory corruption issue was found in DPDK versions 17.05 and above. ...

GHSA-4gq2-9rxc-45pg

CVSS3: 6.7

github

больше 3 лет назад

6.7 Medium

CVSS3