Description
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DPDK | dpdk | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Fast Datapath for Red Hat Enterprise Linux 7 | |||
| openvswitch-0:2.9.0-124.el7fdp | cpe:/o:redhat:enterprise_linux:7::fastdatapath | RHSA-2020:0165 | 2020-01-21T00:00:00Z |
| openvswitch2.11-0:2.11.0-35.el7fdp | cpe:/o:redhat:enterprise_linux:7::fastdatapath | RHSA-2020:0166 | 2020-01-21T00:00:00Z |
| openvswitch2.12-0:2.12.0-12.el7fdp | cpe:/o:redhat:enterprise_linux:7::fastdatapath | RHSA-2020:0168 | 2020-01-21T00:00:00Z |
| Fast Datapath for Red Hat Enterprise Linux 8 | |||
| openvswitch2.11-0:2.11.0-35.el8fdp | cpe:/o:redhat:enterprise_linux:8::fastdatapath | RHSA-2020:0171 | 2020-01-22T00:00:00Z |
| openvswitch2.12-0:2.12.0-12.el8fdp | cpe:/o:redhat:enterprise_linux:8::fastdatapath | RHSA-2020:0172 | 2020-01-22T00:00:00Z |
| Red Hat Enterprise Linux 7 Extras | |||
| dpdk-0:18.11.5-1.el7_8 | cpe:/a:redhat:rhel_extras_other:7 | RHSA-2020:1226 | 2020-04-01T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| dpdk-0:19.11-4.el8 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:1735 | 2020-04-28T00:00:00Z |
| Red Hat OpenStack Platform 13.0 (Queens) | |||
| ansible-role-redhat-subscription-0:1.0.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-manila-1:6.3.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-octavia-ui-0:1.0.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-tempest-1:18.0.0-13.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openvswitch2.11-0:2.11.0-35.el7fdp | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystoneauth1-0:3.4.1-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystonemiddleware-0:4.22.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-neutron-lib-0:1.13.0-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-novajoin-0:1.3.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-octavia-tests-tempest-0:1.1.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstackclient-0:3.14.3-5.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstacksdk-0:0.11.4-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-vif-0:1.9.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-ovsdbapp-0:0.10.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-tempestconf-0:2.4.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rabbitmq-server-0:3.6.15-6.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rhosp-release-0:13.0.11-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | |||
| ansible-role-redhat-subscription-0:1.0.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-manila-1:6.3.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-octavia-ui-0:1.0.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-tempest-1:18.0.0-13.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystoneauth1-0:3.4.1-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystonemiddleware-0:4.22.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-neutron-lib-0:1.13.0-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-novajoin-0:1.3.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-octavia-tests-tempest-0:1.1.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstackclient-0:3.14.3-5.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstacksdk-0:0.11.4-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-vif-0:1.9.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-ovsdbapp-0:0.10.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-tempestconf-0:2.4.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rabbitmq-server-0:3.6.15-6.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rhosp-release-0:13.0.11-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | |||
| openvswitch-0:2.9.0-124.el7fdp | cpe:/o:redhat:enterprise_linux:7::hypervisor | RHSA-2020:0165 | 2020-01-21T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4567-1 | dpdk security update |
 EUVD |
EUVD-2019-5947 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. |
 Ubuntu USN |
USN-4189-1 | DPDK vulnerability |
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-05T00:26:39.137Z
Reserved: 2019-08-10T00:00:00.000Z
Link: CVE-2019-14818
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-14T17:15:14.757
Modified: 2024-11-21T04:27:25.607
Link: CVE-2019-14818
Redhat
OpenCVE Enrichment
No data.
Weaknesses