PublicDateAtUSN: 2020-09-28 15:00:00
Candidate: CVE-2020-14374
CRD: 2020-09-28 15:00:00
PublicDate: 2020-09-30 20:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14374
 https://ubuntu.com/security/notices/USN-4550-1
Description:
 A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A
 flawed bounds checking in the copy_data function leads to a buffer overflow
 allowing an attacker in a virtual machine to write arbitrary data to any
 address in the vhost_crypto application. The highest threat from this
 vulnerability is to data confidentiality and integrity as well as system
 availability.
Ubuntu-Description: 
Notes: 
Mitigation: 
Bugs: 
Priority: medium
Discovered-by: Ryan Hall
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H [8.8 HIGH]


Patches_dpdk:
upstream_dpdk: needs-triage
precise/esm_dpdk: DNE
trusty_dpdk: ignored (out of standard support)
trusty/esm_dpdk: DNE
xenial_dpdk: not-affected (code not present)
esm-infra/xenial_dpdk: not-affected (code not present)
bionic_dpdk: not-affected (code not present)
focal_dpdk: released (19.11.3-0ubuntu0.2)
devel_dpdk: released (19.11.5-1)