Описание
Security update for dpdk
This update for dpdk fixes the following issues:
- CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171930).
- CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171925).
- CVE-2020-10724: Fixed a missing inputs validation in Vhost-crypto (bsc#1171926).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
Ссылки
- Link for SUSE-SU-2020:1552-1
- E-Mail link for SUSE-SU-2020:1552-1
- SUSE Security Ratings
- SUSE Bug 1171477
- SUSE Bug 1171925
- SUSE Bug 1171926
- SUSE Bug 1171930
- SUSE CVE CVE-2020-10722 page
- SUSE CVE CVE-2020-10723 page
- SUSE CVE CVE-2020-10724 page
Описание
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
Затронутые продукты
Ссылки
- CVE-2020-10722
- SUSE Bug 1171477
- SUSE Bug 1171930
Описание
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.
Затронутые продукты
Ссылки
- CVE-2020-10723
- SUSE Bug 1171477
- SUSE Bug 1171925
Описание
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
Затронутые продукты
Ссылки
- CVE-2020-10724
- SUSE Bug 1171477
- SUSE Bug 1171926