A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/09/28/3 | mailing list third party advisory patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=1879466 | issue tracking tool signature |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html | third party advisory vendor advisory |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html | mailing list third party advisory vendor advisory |
| http://www.openwall.com/lists/oss-security/2021/01/04/5 | third party advisory mailing list |
| http://www.openwall.com/lists/oss-security/2021/01/04/1 | mailing list third party advisory patch |
| http://www.openwall.com/lists/oss-security/2021/01/04/2 | mailing list third party advisory patch |