An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/01/04/1 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/01/04/2 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/01/04/5 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1879473 | Issue Tracking Third Party Advisory |
https://usn.ubuntu.com/4550-1/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2020/09/28/3 | Mailing List Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-09-30T00:00:00
Updated: 2022-10-07T00:00:00
Reserved: 2020-06-17T00:00:00
Link: CVE-2020-14378
JSON object: View
NVD Information
Status : Modified
Published: 2020-09-30T19:15:12.993
Modified: 2023-11-07T03:17:12.120
Link: CVE-2020-14378
JSON object: View
Redhat Information
No data.
CWE