
SUSE-SU-2020:1430-1

Published: 26 May 2020
Source: suse-cvrf

Description

Security update for dpdk

This update for dpdk to 17.11.7 fixes the following issues:

Security issues fixed:

  • CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477 bsc#1171930).
  • CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477).

Package list

SUSE Linux Enterprise Server 12 SP4
  • dpdk-17.11.7-5.6.2
  • dpdk-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
  • dpdk-thunderx-17.11.7-5.6.2
  • dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
  • dpdk-tools-17.11.7-5.6.2
  • libdpdk-17_11-17.11.7-5.6.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • dpdk-17.11.7-5.6.2
  • dpdk-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
  • dpdk-thunderx-17.11.7-5.6.2
  • dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
  • dpdk-tools-17.11.7-5.6.2
  • libdpdk-17_11-17.11.7-5.6.2

SUSE Linux Enterprise Software Development Kit 12 SP4
  • dpdk-devel-17.11.7-5.6.2
  • dpdk-thunderx-devel-17.11.7-5.6.2

Description

A flaw was found in all DPDK versions 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1, where a malicious master, or a container with access to the vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak that includes file descriptors. This flaw could lead to a denial of service condition.


Affected products
SUSE Linux Enterprise Server 12 SP4:dpdk-17.11.7-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-17.11.7-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.51-5.6.2

References

Description

A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.


Affected products
SUSE Linux Enterprise Server 12 SP4:dpdk-17.11.7-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-17.11.7-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.51-5.6.2

References

Description

A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out-of-bounds indexing and possible memory corruption.
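
The truncation described above, as an added example (not DPDK's code and not part of the advisory): the struct, the function names and the limit of 256 are hypothetical. It compares a bounds check applied to a uint16 copy of the index with one applied at the payload's full 32-bit width.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and sizes for illustration; not DPDK's definitions. */
#define MAX_VRING 256u

struct vring_msg {
    uint32_t index;   /* 32-bit index taken from the message payload */
};

/* Flawed pattern: the 32-bit index is copied into a uint16_t before the
 * bounds check, so the check sees only the low 16 bits. Returns 1 if the
 * message is accepted. */
static int check_truncating(const struct vring_msg *m)
{
    uint16_t idx = (uint16_t)m->index;   /* 0x00010001 becomes 0x0001 */
    return idx < MAX_VRING;
}

/* Corrected pattern: validate at the payload's full width, and hand later
 * code the validated value instead of letting it re-read the payload. */
static int check_full_width(const struct vring_msg *m, uint32_t *out_idx)
{
    if (m->index >= MAX_VRING)
        return 0;
    *out_idx = m->index;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs: in range, just out of range, and a value
     * whose low 16 bits look valid. */
    const uint32_t samples[] = { 1u, 256u, 0x00010001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct vring_msg m = { samples[i] };
        uint32_t idx = 0;
        printf("index=0x%08x truncating=%s full-width=%s\n",
               (unsigned)m.index,
               check_truncating(&m) ? "accept" : "reject",
               check_full_width(&m, &idx) ? "accept" : "reject");
    }
    return 0;
}
```

The third sample is the case that matters: the truncating check accepts it because only the low 16 bits are compared, while any later code that indexes with the original 32-bit value would be far outside the array.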


Affected products
SUSE Linux Enterprise Server 12 SP4:dpdk-17.11.7-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-kmp-default-17.11.7_k4.12.14_95.51-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-17.11.7-5.6.2
SUSE Linux Enterprise Server 12 SP4:dpdk-thunderx-kmp-default-17.11.7_k4.12.14_95.51-5.6.2

References
Vulnerability SUSE-SU-2020:1430-1