[dpdk-announce] DPDK security advisory: CVE-2019-14818

Ferruh Yigit ferruh.yigit at intel.com
Tue Nov 12 16:35:51 CET 2019


On 11/12/2019 3:15 PM, Ferruh Yigit wrote:
> A vulnerability was fixed in DPDK.
> 
> Some downstream stakeholders were warned in advance in order to coordinate the
> release of fixes and reduce the vulnerability window.
> 
> Problem:
> A malicious container which has direct access to the vhost-user socket can keep
> sending messages which may leak resources until this results in a DoS.
> 
> All users of the vhost library are strongly encouraged to upgrade as soon as
> possible.
> 
> CVE-2019-14818
> Bugzilla: https://bugs.dpdk.org/show_bug.cgi?id=363
> Severity: Medium
> CVSS scores: 6.8

And thanks to Jason Wang [1] for reporting the vulnerability; all credit
for discovering the issue goes to him.

[1]
Jason Wang <jasowang at redhat.com>

