Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-10725 (GCVE-0-2020-10725)
Vulnerability from cvelistv5 – Published: 2020-05-20 13:16 – Updated: 2024-08-04 11:14
VLAI
EPSS
Summary
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
Severity
7.7 (High)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujan2021.html | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://bugs.dpdk.org/show_bug.cgi?id=270 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:14:14.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dpdk",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "20.02.1"
},
{
"status": "affected",
"version": "19.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2020:0693",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-10725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dpdk",
"version": {
"version_data": [
{
"version_value": "20.02.1"
},
{
"version_value": "19.11.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.7/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0693",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html"
},
{
"name": "FEDORA-2020-04e3d34451",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/05/18/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/05/18/2"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725"
},
{
"name": "https://bugs.dpdk.org/show_bug.cgi?id=270",
"refsource": "MISC",
"url": "https://bugs.dpdk.org/show_bug.cgi?id=270"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-10725",
"datePublished": "2020-05-20T13:16:55.000Z",
"dateReserved": "2020-03-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:14:14.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-10725",
"date": "2026-05-29",
"epss": "0.00606",
"percentile": "0.69976"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-10725\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2020-05-20T14:15:11.063\",\"lastModified\":\"2024-11-21T04:55:56.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo en DPDK versi\u00f3n 19.11 y superior, que permite a un invitado malicioso causar un fallo de segmentaci\u00f3n de la aplicaci\u00f3n backend vhost-user que se ejecuta en el host, lo que podr\u00eda resultar en una p\u00e9rdida de conectividad para los otros invitados ejecutados en ese host. Esto es causado por una falta de comprobaci\u00f3n de la validez de la direcci\u00f3n del descriptor en la funci\u00f3n \\\"virtio_dev_rx_batch_packed()\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-665\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-665\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"19.11\",\"matchCriteriaId\":\"007A7171-D30B-4F66-8AA4-71F37EF2DC98\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E11C65C3-1B17-4362-A99C-59583081A24D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"348EEE70-E114-4720-AAAF-E77DE5C9A2D1\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.dpdk.org/show_bug.cgi?id=270\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2020/05/18/2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.dpdk.org/show_bug.cgi?id=270\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRHKFVV4MRWNNJOYQOVP64L4UVWYPEO4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2020/05/18/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2020:1335-1
Vulnerability from csaf_suse - Published: 2020-05-19 11:20 - Updated: 2020-05-19 11:20Summary
Security update for dpdk
Severity
Moderate
Notes
Title of the patch: Security update for dpdk
Description of the patch: This update for dpdk fixes the following issues:
Security issues fixed:
- CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477).
- CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477).
- CVE-2020-10724: Fixed a missing inputs validation in Vhost-crypto (bsc#1171477).
- CVE-2020-10725: Fixed a segfault caused by invalid virtio descriptors sent from a malicious guest (bsc#1171477).
- CVE-2020-10726: Fixed a denial-of-service caused by VHOST_USER_GET_INFLIGHT_FD message flooding (bsc#1171477).
Patchnames: SUSE-2020-1335,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1335,SUSE-SLE-Module-Server-Applications-15-SP1-2020-1335
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dpdk",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dpdk fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-10722: Fixed an integer overflow in vhost_user_set_log_base() (bsc#1171477).\n- CVE-2020-10723: Fixed an integer truncation in vhost_user_check_and_alloc_queue_pair() (bsc#1171477).\n- CVE-2020-10724: Fixed a missing inputs validation in Vhost-crypto (bsc#1171477).\n- CVE-2020-10725: Fixed a segfault caused by invalid virtio descriptors sent from a malicious guest (bsc#1171477).\n- CVE-2020-10726: Fixed a denial-of-service caused by VHOST_USER_GET_INFLIGHT_FD message flooding (bsc#1171477).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1335,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1335,SUSE-SLE-Module-Server-Applications-15-SP1-2020-1335",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1335-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1335-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201335-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1335-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-May/006833.html"
},
{
"category": "self",
"summary": "SUSE Bug 1171477",
"url": "https://bugzilla.suse.com/1171477"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10722 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10723 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10724 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10725 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10726 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10726/"
}
],
"title": "Security update for dpdk",
"tracking": {
"current_release_date": "2020-05-19T11:20:24Z",
"generator": {
"date": "2020-05-19T11:20:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1335-1",
"initial_release_date": "2020-05-19T11:20:24Z",
"revision_history": [
{
"date": "2020-05-19T11:20:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dpdk-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-devel-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-devel-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-devel-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-examples-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-examples-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-examples-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"product": {
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"product_id": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-thunderx-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-thunderx-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-thunderx-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-thunderx-devel-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-thunderx-devel-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-thunderx-devel-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-thunderx-examples-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-thunderx-examples-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-thunderx-examples-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-thunderx-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"product": {
"name": "dpdk-thunderx-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"product_id": "dpdk-thunderx-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-thunderx-tools-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-thunderx-tools-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-thunderx-tools-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "dpdk-tools-18.11.3-4.6.2.aarch64",
"product": {
"name": "dpdk-tools-18.11.3-4.6.2.aarch64",
"product_id": "dpdk-tools-18.11.3-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "libdpdk-18_11-18.11.3-4.6.2.aarch64",
"product": {
"name": "libdpdk-18_11-18.11.3-4.6.2.aarch64",
"product_id": "libdpdk-18_11-18.11.3-4.6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dpdk-doc-18.11.3-4.6.2.noarch",
"product": {
"name": "dpdk-doc-18.11.3-4.6.2.noarch",
"product_id": "dpdk-doc-18.11.3-4.6.2.noarch"
}
},
{
"category": "product_version",
"name": "dpdk-thunderx-doc-18.11.3-4.6.2.noarch",
"product": {
"name": "dpdk-thunderx-doc-18.11.3-4.6.2.noarch",
"product_id": "dpdk-thunderx-doc-18.11.3-4.6.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "dpdk-18.11.3-4.6.2.ppc64le",
"product": {
"name": "dpdk-18.11.3-4.6.2.ppc64le",
"product_id": "dpdk-18.11.3-4.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "dpdk-devel-18.11.3-4.6.2.ppc64le",
"product": {
"name": "dpdk-devel-18.11.3-4.6.2.ppc64le",
"product_id": "dpdk-devel-18.11.3-4.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "dpdk-examples-18.11.3-4.6.2.ppc64le",
"product": {
"name": "dpdk-examples-18.11.3-4.6.2.ppc64le",
"product_id": "dpdk-examples-18.11.3-4.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"product": {
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"product_id": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "dpdk-tools-18.11.3-4.6.2.ppc64le",
"product": {
"name": "dpdk-tools-18.11.3-4.6.2.ppc64le",
"product_id": "dpdk-tools-18.11.3-4.6.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"product": {
"name": "libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"product_id": "libdpdk-18_11-18.11.3-4.6.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dpdk-18.11.3-4.6.2.x86_64",
"product": {
"name": "dpdk-18.11.3-4.6.2.x86_64",
"product_id": "dpdk-18.11.3-4.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "dpdk-devel-18.11.3-4.6.2.x86_64",
"product": {
"name": "dpdk-devel-18.11.3-4.6.2.x86_64",
"product_id": "dpdk-devel-18.11.3-4.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "dpdk-examples-18.11.3-4.6.2.x86_64",
"product": {
"name": "dpdk-examples-18.11.3-4.6.2.x86_64",
"product_id": "dpdk-examples-18.11.3-4.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"product": {
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"product_id": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "dpdk-tools-18.11.3-4.6.2.x86_64",
"product": {
"name": "dpdk-tools-18.11.3-4.6.2.x86_64",
"product_id": "dpdk-tools-18.11.3-4.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "libdpdk-18_11-18.11.3-4.6.2.x86_64",
"product": {
"name": "libdpdk-18_11-18.11.3-4.6.2.x86_64",
"product_id": "libdpdk-18_11-18.11.3-4.6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-18.11.3-4.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64"
},
"product_reference": "dpdk-18.11.3-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-18.11.3-4.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le"
},
"product_reference": "dpdk-18.11.3-4.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-18.11.3-4.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64"
},
"product_reference": "dpdk-18.11.3-4.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-devel-18.11.3-4.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64"
},
"product_reference": "dpdk-devel-18.11.3-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-devel-18.11.3-4.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le"
},
"product_reference": "dpdk-devel-18.11.3-4.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-devel-18.11.3-4.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64"
},
"product_reference": "dpdk-devel-18.11.3-4.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64"
},
"product_reference": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le"
},
"product_reference": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64"
},
"product_reference": "dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-tools-18.11.3-4.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64"
},
"product_reference": "dpdk-tools-18.11.3-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-tools-18.11.3-4.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le"
},
"product_reference": "dpdk-tools-18.11.3-4.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dpdk-tools-18.11.3-4.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64"
},
"product_reference": "dpdk-tools-18.11.3-4.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdpdk-18_11-18.11.3-4.6.2.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64"
},
"product_reference": "libdpdk-18_11-18.11.3-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdpdk-18_11-18.11.3-4.6.2.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le"
},
"product_reference": "libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdpdk-18_11-18.11.3-4.6.2.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
},
"product_reference": "libdpdk-18_11-18.11.3-4.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10722"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10722",
"url": "https://www.suse.com/security/cve/CVE-2020-10722"
},
{
"category": "external",
"summary": "SUSE Bug 1171477 for CVE-2020-10722",
"url": "https://bugzilla.suse.com/1171477"
},
{
"category": "external",
"summary": "SUSE Bug 1171930 for CVE-2020-10722",
"url": "https://bugzilla.suse.com/1171930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-19T11:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2020-10722"
},
{
"cve": "CVE-2020-10723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10723"
}
],
"notes": [
{
"category": "general",
"text": "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10723",
"url": "https://www.suse.com/security/cve/CVE-2020-10723"
},
{
"category": "external",
"summary": "SUSE Bug 1171477 for CVE-2020-10723",
"url": "https://bugzilla.suse.com/1171477"
},
{
"category": "external",
"summary": "SUSE Bug 1171925 for CVE-2020-10723",
"url": "https://bugzilla.suse.com/1171925"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-19T11:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2020-10723"
},
{
"cve": "CVE-2020-10724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10724"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10724",
"url": "https://www.suse.com/security/cve/CVE-2020-10724"
},
{
"category": "external",
"summary": "SUSE Bug 1171477 for CVE-2020-10724",
"url": "https://bugzilla.suse.com/1171477"
},
{
"category": "external",
"summary": "SUSE Bug 1171926 for CVE-2020-10724",
"url": "https://bugzilla.suse.com/1171926"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-19T11:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2020-10724"
},
{
"cve": "CVE-2020-10725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10725"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10725",
"url": "https://www.suse.com/security/cve/CVE-2020-10725"
},
{
"category": "external",
"summary": "SUSE Bug 1171477 for CVE-2020-10725",
"url": "https://bugzilla.suse.com/1171477"
},
{
"category": "external",
"summary": "SUSE Bug 1171927 for CVE-2020-10725",
"url": "https://bugzilla.suse.com/1171927"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-19T11:20:24Z",
"details": "important"
}
],
"title": "CVE-2020-10725"
},
{
"cve": "CVE-2020-10726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10726"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10726",
"url": "https://www.suse.com/security/cve/CVE-2020-10726"
},
{
"category": "external",
"summary": "SUSE Bug 1171477 for CVE-2020-10726",
"url": "https://bugzilla.suse.com/1171477"
},
{
"category": "external",
"summary": "SUSE Bug 1171929 for CVE-2020-10726",
"url": "https://bugzilla.suse.com/1171929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-devel-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-kmp-default-18.11.3_k4.12.14_197.40-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:dpdk-tools-18.11.3-4.6.2.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:libdpdk-18_11-18.11.3-4.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-19T11:20:24Z",
"details": "moderate"
}
],
"title": "CVE-2020-10726"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…