CVE-2020-10724

Опубликовано: 18 мая 2020

Источник: redhat

CVSS3: 5.1

EPSS Низкий

Описание

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

Отчет

This issue did not affect the versions of Ceph as shipped with Red Hat Ceph Storage 3 and 4, as they did not include support for DPDK. Red Hat Enterprise Linux 7 and 8 are not affected by this flaw, as vhost-crypto backend is not built and shipped in DPDK packages.

Затронутые пакеты

Платформа	Пакет	Состояние
Fast Datapath for RHEL 7	openvswitch	Not affected
Fast Datapath for RHEL 7	openvswitch2.10	Not affected
Fast Datapath for RHEL 7	openvswitch2.12	Not affected
Fast Datapath for RHEL 7	openvswitch2.13	Not affected
Fast Datapath for RHEL 8	openvswitch2.12	Not affected
Red Hat Ceph Storage 3	ceph	Not affected
Red Hat Ceph Storage 4	ceph	Not affected
Red Hat Enterprise Linux 7	dpdk	Not affected
Red Hat Enterprise Linux 8	dpdk	Not affected
Red Hat OpenStack Platform 10 (Newton)	openvswitch	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=1828884dpdk: librte_vhost Missing inputs validation in Vhost-crypto

EPSS

Процентиль: 24%

0.0008

Низкий

5.1 Medium

CVSS3

Связанные уязвимости

CVE-2020-10724

CVSS3: 5.1

ubuntu

больше 5 лет назад

CVE-2020-10724

CVSS3: 5.1

nvd

больше 5 лет назад

CVE-2020-10724

CVSS3: 5.1

msrc

5 месяцев назад

A vulnerability was found in DPDK versions 18.11 and above

CVE-2020-10724

CVSS3: 5.1

debian

больше 5 лет назад

A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...

GHSA-ffrh-qjc2-38wm

github

больше 3 лет назад

EPSS

Процентиль: 24%

0.0008

Низкий

5.1 Medium

CVSS3