CVE-2019-14818

Published Nov 14, 2019

Last updated a year ago

CVSS high 7.5

Overview

Description: A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-401
secalert@redhat.com: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "122B11D1-C06A-4502-B91D-587FAF4EF42B",
            "versionEndExcluding": "16.11.10",
            "versionStartIncluding": "16.04"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D206630-55D1-494F-9387-FA39BDBBF83B",
            "versionEndExcluding": "17.11.8",
            "versionStartIncluding": "17.02"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4470ED65-4A5E-4A73-81F8-36A74F810923",
            "versionEndExcluding": "18.11.4",
            "versionStartIncluding": "18.02"
          },
          {
            "criteria": "cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3285324-00CB-4F5C-BF3C-096804336F99",
            "versionEndExcluding": "19.08.1",
            "versionStartIncluding": "19.02"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "559A4609-EC7E-40CD-9165-5DA68CBCEE9B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:enterprise_linux_fast_datapath:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAE5723C-165D-4427-A8DF-82662A2E7A9F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"
          },
          {
            "criteria": "cpe:2.3:a:redhat:virtualization_eus:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "366EA5C8-C014-477E-9567-C0F67D112E87"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References