CVE-2019-14818

Name
CVE-2019-14818
Description
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818
Issue Tracking https://bugs.dpdk.org/show_bug.cgi?id=363
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/
REDHAT https://access.redhat.com/errata/RHSA-2020:0165
REDHAT https://access.redhat.com/errata/RHSA-2020:0166
REDHAT https://access.redhat.com/errata/RHSA-2020:0168
REDHAT https://access.redhat.com/errata/RHSA-2020:0171
REDHAT https://access.redhat.com/errata/RHSA-2020:0172

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* data_plane_development_kit >= 16.04 < 16.11.10
cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* data_plane_development_kit >= 17.02 < 17.11.8
cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* data_plane_development_kit >= 18.02 < 18.11.4
cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:* data_plane_development_kit >= 19.02 < 19.08.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status