CVE-2020-10726

Summary

A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]dpdk20.02.1affected
[UNKNOWN]dpdk19.11.2affected

Weaknesses

  • CWE-190: CWE-190

ADP Enrichment

CVE Program Container

Additional References

References