Bugzilla – Bug 1171925
VUL-0: CVE-2020-10723: dpdk: Integer truncation in vhost_user_check_and_alloc_queue_pair()
Last modified: 2020-07-25 06:32:11 UTC
CVE-2020-10723 A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. Reference https://nvd.nist.gov/vuln/detail/CVE-2020-10723
SUSE-SU-2020:1430-1: An update that fixes three vulnerabilities is now available. Category: security (important) Bug References: 1171477,1171925,1171930 CVE References: CVE-2019-14818,CVE-2020-10722,CVE-2020-10723 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP4 (src): dpdk-17.11.7-5.6.2, dpdk-thunderx-17.11.7-5.6.2 SUSE Linux Enterprise Server 12-SP4 (src): dpdk-17.11.7-5.6.2, dpdk-thunderx-17.11.7-5.6.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:1552-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1171477,1171925,1171926,1171930 CVE References: CVE-2020-10722,CVE-2020-10723,CVE-2020-10724 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): dpdk-18.11.3-3.9.2, dpdk-thunderx-18.11.3-3.9.2 SUSE Linux Enterprise Server 12-SP5 (src): dpdk-18.11.3-3.9.2, dpdk-thunderx-18.11.3-3.9.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released