CVE-2019-14818

Summary

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Affected Software

VendorProductVersion RangeStatus
DPDKdpdkall dpdk version 17.x.x before 17.11.8affected
DPDKdpdkall dpdk version 16.x.x before 16.11.10affected
DPDKdpdkall dpdk version 18.x.x before 18.11.4affected
DPDKdpdkall dpdk version 19.x.x before 19.08.1affected

Weaknesses

  • CWE-401: CWE-401

ADP Enrichment

CVE Program Container

Additional References

References