QwikSec

Security Database

CVE

CWE

Training

CVE-2019-14818

Published: Nov 14, 2019

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

7.5

HIGH

Description

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Vendor	Product	Versions
DPDK	dpdk	affected `all dpdk version 17.x.x before 17.11.8` affected `all dpdk version 16.x.x before 16.11.10` affected `all dpdk version 18.x.x before 18.11.4` affected `all dpdk version 19.x.x before 19.08.1`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

FEDORA-2019-019df9a459

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

vendor-advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818

https://bugs.dpdk.org/show_bug.cgi?id=363

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.