#VU27998 Memory leak in DPDK - CVE-2020-10725


| Updated: 2020-05-26

Vulnerability identifier: #VU27998

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-10725

CWE-ID: CWE-401

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
DPDK
Server applications / Frameworks for developing and running applications

Vendor: DPDK Project

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DPDK: 16.04 - 16.11.11, 17.02 - 17.11.10, 18.02 - 18.11.8, 19.02 - 19.11.1, 20.02

External links
https://doc.dpdk.org/guides-20.02/rel_notes/release_20_02.html
https://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Anolis OS update for dpdk
Red Hat Enterprise Linux 8.2 update for dpdk
Red Hat Enterprise Linux 8 update for dpdk
Red Hat Enterprise Linux Fast Datapath update for openvswitch
OpenSUSE Linux update for dpdk
Ubuntu update for DPDK
Multiple vulnerabilities in DPDK