CVE-2020-14378
LOW
DPDK 18.02.1-18.11.9 - Integer Underflow in move_desc Function
An integer underflow in the `move_desc` function in DPDK versions before 18.11.10 and before 19.11.5 can cause a long-running loop that consumes large amounts of CPU cycles. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used, this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
References (8)
Core References
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4550-1/
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/01/04/5
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/01/04/1
Mailing List, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2021/01/04/2
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1879473
Mailing List, Patch, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/09/28/3
Scores
CVSS v3: 3.3
EPSS: 0.0008
EPSS Percentile: 22.4%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE: CWE-191
Status: published
Products (4)
canonical/ubuntu_linux: 20.04
dpdk/data_plane_development_kit: 18.02.1 - 18.11.10
opensuse/leap: 15.1
opensuse/leap: 15.2
Published: Sep 30, 2020
Tracked Since: Feb 18, 2026