CVE-2019-14818 — HIGH (7.5)

Q: How severe is CVE-2019-14818?

CVE-2019-14818 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-14818?

Check the references section above for vendor advisories and patch information. Affected products include: Dpdk Data Plane Development Kit, Redhat Enterprise Linux Fast Datapath, Redhat Openstack, Redhat Virtualization Eus, Fedoraproject Fedora.

Vulnerability Description

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Dpdk	Data Plane Development Kit	>= 16.04, < 16.11.10
Redhat	Enterprise Linux Fast Datapath	7.0
Redhat	Openstack	10
Redhat	Virtualization Eus	4.2
Fedoraproject	Fedora	31

Related Weaknesses (CWE)

CWE-401

References

https://access.redhat.com/errata/RHSA-2020:0165Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0166Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0168Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0171Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0172Third Party Advisory
https://bugs.dpdk.org/show_bug.cgi?id=363Issue TrackingPatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818Issue TrackingPatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://access.redhat.com/errata/RHSA-2020:0165Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0166Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0168Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0171Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0172Third Party Advisory
https://bugs.dpdk.org/show_bug.cgi?id=363Issue TrackingPatchVendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14818Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2019-14818?

CVE-2019-14818 is a vulnerability with a CVSS score of 7.5 (HIGH). A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user s...

How severe is CVE-2019-14818?

CVE-2019-14818 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14818?

Check the references section above for vendor advisories and patch information. Affected products include: Dpdk Data Plane Development Kit, Redhat Enterprise Linux Fast Datapath, Redhat Openstack, Redhat Virtualization Eus, Fedoraproject Fedora.