csaf_suse - suse-su-2020:2770-1

suse-su-2020:2770-1

Vulnerability from csaf_suse

Published

2020-09-28 15:49

Modified

2020-09-28 15:49

Summary

Security update for dpdk

Notes

Title of the patch

Security update for dpdk

Description of the patch

This update for dpdk fixes the following issues: - dpdk was updated to 19.11.4 - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest and causing partially denial of service in the host(bsc#1176590). - For a list of fixes check: https://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html#id8 denial of service in the host (bsc#1176590).

Patchnames

SUSE-2020-2770,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2770,SUSE-SLE-Module-Server-Applications-15-SP2-2020-2770

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for dpdk",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for dpdk fixes the following issues:\n\n- dpdk was updated to 19.11.4\n  - CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,CVE-2020-14377,CVE-2020-14378: Fixed multiple issues where a malicious guest could \n    harm the host using vhost crypto, including executing code in host (VM Escape), reading host application memory space to guest \n    and causing partially denial of service in the host(bsc#1176590).\n- For a list of fixes check:\n  https://doc.dpdk.org/guides-19.11/rel_notes/release_19_11.html#id8\n  denial of service in the host (bsc#1176590).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2020-2770,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-2770,SUSE-SLE-Module-Server-Applications-15-SP2-2020-2770",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_2770-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2020:2770-1",
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202770-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2020:2770-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2020-September/007493.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1176590",
        "url": "https://bugzilla.suse.com/1176590"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14374 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14374/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14375 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14375/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14376 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14376/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14377 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14377/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-14378 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-14378/"
      }
    ],
    "title": "Security update for dpdk",
    "tracking": {
      "current_release_date": "2020-09-28T15:49:35Z",
      "generator": {
        "date": "2020-09-28T15:49:35Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2020:2770-1",
      "initial_release_date": "2020-09-28T15:49:35Z",
      "revision_history": [
        {
          "date": "2020-09-28T15:49:35Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dpdk-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-devel-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-devel-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-devel-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-examples-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-examples-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-examples-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                  "product_id": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                  "product_id": "dpdk-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-thunderx-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-thunderx-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-thunderx-devel-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-examples-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-thunderx-examples-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-thunderx-examples-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                  "product_id": "dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-thunderx-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
                  "product_id": "dpdk-thunderx-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-tools-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-thunderx-tools-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-thunderx-tools-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-tools-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "dpdk-tools-19.11.4-3.9.1.aarch64",
                  "product_id": "dpdk-tools-19.11.4-3.9.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libdpdk-20_0-19.11.4-3.9.1.aarch64",
                "product": {
                  "name": "libdpdk-20_0-19.11.4-3.9.1.aarch64",
                  "product_id": "libdpdk-20_0-19.11.4-3.9.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dpdk-doc-19.11.4-3.9.1.noarch",
                "product": {
                  "name": "dpdk-doc-19.11.4-3.9.1.noarch",
                  "product_id": "dpdk-doc-19.11.4-3.9.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-thunderx-doc-19.11.4-3.9.1.noarch",
                "product": {
                  "name": "dpdk-thunderx-doc-19.11.4-3.9.1.noarch",
                  "product_id": "dpdk-thunderx-doc-19.11.4-3.9.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dpdk-19.11.4-3.9.1.ppc64le",
                "product": {
                  "name": "dpdk-19.11.4-3.9.1.ppc64le",
                  "product_id": "dpdk-19.11.4-3.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-devel-19.11.4-3.9.1.ppc64le",
                "product": {
                  "name": "dpdk-devel-19.11.4-3.9.1.ppc64le",
                  "product_id": "dpdk-devel-19.11.4-3.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-examples-19.11.4-3.9.1.ppc64le",
                "product": {
                  "name": "dpdk-examples-19.11.4-3.9.1.ppc64le",
                  "product_id": "dpdk-examples-19.11.4-3.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
                "product": {
                  "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
                  "product_id": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-tools-19.11.4-3.9.1.ppc64le",
                "product": {
                  "name": "dpdk-tools-19.11.4-3.9.1.ppc64le",
                  "product_id": "dpdk-tools-19.11.4-3.9.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libdpdk-20_0-19.11.4-3.9.1.ppc64le",
                "product": {
                  "name": "libdpdk-20_0-19.11.4-3.9.1.ppc64le",
                  "product_id": "libdpdk-20_0-19.11.4-3.9.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "dpdk-19.11.4-3.9.1.x86_64",
                "product": {
                  "name": "dpdk-19.11.4-3.9.1.x86_64",
                  "product_id": "dpdk-19.11.4-3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-devel-19.11.4-3.9.1.x86_64",
                "product": {
                  "name": "dpdk-devel-19.11.4-3.9.1.x86_64",
                  "product_id": "dpdk-devel-19.11.4-3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-examples-19.11.4-3.9.1.x86_64",
                "product": {
                  "name": "dpdk-examples-19.11.4-3.9.1.x86_64",
                  "product_id": "dpdk-examples-19.11.4-3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
                "product": {
                  "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
                  "product_id": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
                "product": {
                  "name": "dpdk-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
                  "product_id": "dpdk-kmp-preempt-19.11.4_k5.3.18_24.15-3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dpdk-tools-19.11.4-3.9.1.x86_64",
                "product": {
                  "name": "dpdk-tools-19.11.4-3.9.1.x86_64",
                  "product_id": "dpdk-tools-19.11.4-3.9.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libdpdk-20_0-19.11.4-3.9.1.x86_64",
                "product": {
                  "name": "libdpdk-20_0-19.11.4-3.9.1.x86_64",
                  "product_id": "libdpdk-20_0-19.11.4-3.9.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Package Hub 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Package Hub 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:packagehub:15:sp2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Server Applications 15 SP2",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Server Applications 15 SP2",
                  "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-server-applications:15:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdpdk-20_0-19.11.4-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        },
        "product_reference": "libdpdk-20_0-19.11.4-3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-19.11.4-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64"
        },
        "product_reference": "dpdk-19.11.4-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-19.11.4-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le"
        },
        "product_reference": "dpdk-19.11.4-3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-19.11.4-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64"
        },
        "product_reference": "dpdk-19.11.4-3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-devel-19.11.4-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64"
        },
        "product_reference": "dpdk-devel-19.11.4-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-devel-19.11.4-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le"
        },
        "product_reference": "dpdk-devel-19.11.4-3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-devel-19.11.4-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64"
        },
        "product_reference": "dpdk-devel-19.11.4-3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64"
        },
        "product_reference": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le"
        },
        "product_reference": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64"
        },
        "product_reference": "dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-thunderx-19.11.4-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64"
        },
        "product_reference": "dpdk-thunderx-19.11.4-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-thunderx-devel-19.11.4-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64"
        },
        "product_reference": "dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64"
        },
        "product_reference": "dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-tools-19.11.4-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64"
        },
        "product_reference": "dpdk-tools-19.11.4-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-tools-19.11.4-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le"
        },
        "product_reference": "dpdk-tools-19.11.4-3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dpdk-tools-19.11.4-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64"
        },
        "product_reference": "dpdk-tools-19.11.4-3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdpdk-20_0-19.11.4-3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64"
        },
        "product_reference": "libdpdk-20_0-19.11.4-3.9.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdpdk-20_0-19.11.4-3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le"
        },
        "product_reference": "libdpdk-20_0-19.11.4-3.9.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libdpdk-20_0-19.11.4-3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP2",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        },
        "product_reference": "libdpdk-20_0-19.11.4-3.9.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14374",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14374"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14374",
          "url": "https://www.suse.com/security/cve/CVE-2020-14374"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176590 for CVE-2020-14374",
          "url": "https://bugzilla.suse.com/1176590"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-28T15:49:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14374"
    },
    {
      "cve": "CVE-2020-14375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14375",
          "url": "https://www.suse.com/security/cve/CVE-2020-14375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176590 for CVE-2020-14375",
          "url": "https://bugzilla.suse.com/1176590"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-28T15:49:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14375"
    },
    {
      "cve": "CVE-2020-14376",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14376"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14376",
          "url": "https://www.suse.com/security/cve/CVE-2020-14376"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176590 for CVE-2020-14376",
          "url": "https://bugzilla.suse.com/1176590"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-28T15:49:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14376"
    },
    {
      "cve": "CVE-2020-14377",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14377"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14377",
          "url": "https://www.suse.com/security/cve/CVE-2020-14377"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176590 for CVE-2020-14377",
          "url": "https://bugzilla.suse.com/1176590"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-28T15:49:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14377"
    },
    {
      "cve": "CVE-2020-14378",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-14378"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-14378",
          "url": "https://www.suse.com/security/cve/CVE-2020-14378"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176590 for CVE-2020-14378",
          "url": "https://bugzilla.suse.com/1176590"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Package Hub 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-devel-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-devel-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-thunderx-kmp-default-19.11.4_k5.3.18_24.15-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:dpdk-tools-19.11.4-3.9.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP2:libdpdk-20_0-19.11.4-3.9.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-09-28T15:49:35Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-14378"
    }
  ]
}

CVE-2020-14376 (GCVE-0-2020-14376)

Vulnerability from cvelistv5

Published

2020-09-30 18:49

Modified

2024-08-04 12:46

Severity ?

CWE

CWE-120

Summary

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

►

URL

Tags

	https://www.openwall.com/lists/oss-security/2020/09/28/3	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1879470	x_refsource_MISC
	https://usn.ubuntu.com/4550-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2021/01/04/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dpdk	Version: All dpdk versions before 18.11.10 and before 19.11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
          },
          {
            "name": "USN-4550-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4550-1/"
          },
          {
            "name": "openSUSE-SU-2020:1593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2020:1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
          },
          {
            "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpdk",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All dpdk versions before 18.11.10 and before 19.11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T15:06:21",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
        },
        {
          "name": "USN-4550-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4550-1/"
        },
        {
          "name": "openSUSE-SU-2020:1593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2020:1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
        },
        {
          "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14376",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dpdk",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879470"
            },
            {
              "name": "USN-4550-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4550-1/"
            },
            {
              "name": "openSUSE-SU-2020:1593",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:1599",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
            },
            {
              "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14376",
    "datePublished": "2020-09-30T18:49:04",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.601Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14378 (GCVE-0-2020-14378)

Vulnerability from cvelistv5

Published

2020-09-30 00:00

Modified

2024-08-04 12:46

Severity ?

CWE

CWE-191 - leads to CWE-400

Summary

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.

References

►

URL

Tags

	https://www.openwall.com/lists/oss-security/2020/09/28/3
	https://bugzilla.redhat.com/show_bug.cgi?id=1879473
	https://usn.ubuntu.com/4550-1/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	vendor-advisory
	http://www.openwall.com/lists/oss-security/2021/01/04/5	mailing-list
	http://www.openwall.com/lists/oss-security/2021/01/04/1	mailing-list
	http://www.openwall.com/lists/oss-security/2021/01/04/2	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	dpdk	Version: All dpdk versions before 18.11.10 and before 19.11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:33.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
          },
          {
            "name": "USN-4550-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4550-1/"
          },
          {
            "name": "openSUSE-SU-2020:1593",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2020:1599",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
          },
          {
            "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpdk",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All dpdk versions before 18.11.10 and before 19.11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191 leads to CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879473"
        },
        {
          "name": "USN-4550-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4550-1/"
        },
        {
          "name": "openSUSE-SU-2020:1593",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2020:1599",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
        },
        {
          "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14378",
    "datePublished": "2020-09-30T00:00:00",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:46:33.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14374 (GCVE-0-2020-14374)

Vulnerability from cvelistv5

Published

2020-09-30 19:10

Modified

2024-08-04 12:46

Severity ?

CWE

CWE-120

Summary

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

►

URL

Tags

	https://www.openwall.com/lists/oss-security/2020/09/28/3	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1879466	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2021/01/04/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dpdk	Version: All dpdk versions before 18.11.10 and before 19.11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.327Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
          },
          {
            "name": "openSUSE-SU-2020:1593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2020:1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
          },
          {
            "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpdk",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All dpdk versions before 18.11.10 and before 19.11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T15:06:18",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
        },
        {
          "name": "openSUSE-SU-2020:1593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2020:1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
        },
        {
          "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14374",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dpdk",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879466"
            },
            {
              "name": "openSUSE-SU-2020:1593",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:1599",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
            },
            {
              "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14374",
    "datePublished": "2020-09-30T19:10:16",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.327Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14377 (GCVE-0-2020-14377)

Vulnerability from cvelistv5

Published

2020-09-30 18:53

Modified

2024-08-04 12:46

Severity ?

CWE

CWE-125

Summary

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability.

References

►

URL

Tags

	https://www.openwall.com/lists/oss-security/2020/09/28/3	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1879472	x_refsource_MISC
	https://usn.ubuntu.com/4550-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2021/01/04/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dpdk	Version: All dpdk versions before 18.11.10 and before 19.11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:33.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
          },
          {
            "name": "USN-4550-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4550-1/"
          },
          {
            "name": "openSUSE-SU-2020:1593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2020:1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
          },
          {
            "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpdk",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All dpdk versions before 18.11.10 and before 19.11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T15:06:19",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
        },
        {
          "name": "USN-4550-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4550-1/"
        },
        {
          "name": "openSUSE-SU-2020:1593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2020:1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
        },
        {
          "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14377",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dpdk",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879472"
            },
            {
              "name": "USN-4550-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4550-1/"
            },
            {
              "name": "openSUSE-SU-2020:1593",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:1599",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
            },
            {
              "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14377",
    "datePublished": "2020-09-30T18:53:44",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:46:33.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14375 (GCVE-0-2020-14375)

Vulnerability from cvelistv5

Published

2020-09-30 18:42

Modified

2024-08-04 12:46

Severity ?

CWE

CWE-367

Summary

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

►

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1879468	x_refsource_MISC
	https://www.openwall.com/lists/oss-security/2020/09/28/3	x_refsource_MISC
	https://usn.ubuntu.com/4550-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2021/01/04/5	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/1	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/01/04/2	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dpdk	Version: All dpdk versions before 18.11.10 and before 19.11.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
          },
          {
            "name": "USN-4550-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4550-1/"
          },
          {
            "name": "openSUSE-SU-2020:1593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
          },
          {
            "name": "openSUSE-SU-2020:1599",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
          },
          {
            "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
          },
          {
            "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dpdk",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All dpdk versions before 18.11.10 and before 19.11.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T15:06:21",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
        },
        {
          "name": "USN-4550-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4550-1/"
        },
        {
          "name": "openSUSE-SU-2020:1593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
        },
        {
          "name": "openSUSE-SU-2020:1599",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
        },
        {
          "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
        },
        {
          "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14375",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dpdk",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All dpdk versions before 18.11.10 and before 19.11.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-367"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1879468"
            },
            {
              "name": "https://www.openwall.com/lists/oss-security/2020/09/28/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2020/09/28/3"
            },
            {
              "name": "USN-4550-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4550-1/"
            },
            {
              "name": "openSUSE-SU-2020:1593",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2020:1599",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00006.html"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/5"
            },
            {
              "name": "[oss-security] 20210104 Re: DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/1"
            },
            {
              "name": "[oss-security] 20210104 Re: [dpdk-dev] DPDK security advisory for multiple vhost crypto issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/01/04/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14375",
    "datePublished": "2020-09-30T18:42:58",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:46:34.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2020:2770-1

Vulnerability from csaf_suse

CVE-2020-14376 (GCVE-0-2020-14376)

Vulnerability from cvelistv5

CVE-2020-14378 (GCVE-0-2020-14378)

Vulnerability from cvelistv5

CVE-2020-14374 (GCVE-0-2020-14374)

Vulnerability from cvelistv5

CVE-2020-14377 (GCVE-0-2020-14377)

Vulnerability from cvelistv5

CVE-2020-14375 (GCVE-0-2020-14375)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature