CVE-2020-14378

Priority
Description
An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in
the `move_desc` function can lead to large amounts of CPU cycles being
eaten up in a long running loop. An attacker could cause `move_desc` to get
stuck in a 4,294,967,295-count iteration loop. Depending on how
`vhost_crypto` is being used this could prevent other VMs or network tasks
from being serviced by the busy DPDK lcore for an extended period.
Assigned-to
mdeslaur
Notes
Package
Source: dpdk (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Ubuntu 20.04 LTS (Focal Fossa):released (19.11.3-0ubuntu0.2)
Ubuntu 20.10 (Groovy Gorilla):released (19.11.5-1)
More Information

Updated: 2020-10-08 16:15:43 UTC (commit 787502496eb4c6ba1c4a50c098423d443ee99174)