Dpdk Data Plane Development Kit — known CVE vulnerabilities
Every CVE whose affected-product data names Dpdk Data Plane Development Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2020-14374 — CVSS 8.8 (high): A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a…
CVE-2022-2132 — CVSS 8.6 (high): A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by…
CVE-2020-14376 — CVSS 7.8 (high): A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest…
CVE-2020-14375 — CVSS 7.8 (high): A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors, and the data they describe are in a…
CVE-2020-10725 — CVSS 7.7 (high): A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend…
CVE-2021-3839 — CVSS 7.5 (high): A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`…
CVE-2019-14818 — CVSS 7.5 (high): A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a…
CVE-2020-14377 — CVSS 7.1 (high): A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters…
CVE-2022-0669 — CVSS 6.5 (medium): A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to…
CVE-2018-1059 — CVSS 6.1 (medium): The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing…
CVE-2020-10726 — CVSS 6.0 (medium): A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep…
CVE-2020-10724 — CVSS 5.1 (medium): A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values…
CVE-2020-10723 — CVSS 5.1 (medium): A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a…
CVE-2020-10722 — CVSS 5.1 (medium): A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could…
CVE-2020-14378 — CVSS 3.3 (low): An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU…