Description
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DPDK | dpdk | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Fast Datapath for Red Hat Enterprise Linux 7 | |||
| openvswitch-0:2.9.0-124.el7fdp | cpe:/o:redhat:enterprise_linux:7::fastdatapath | RHSA-2020:0165 | 2020-01-21T00:00:00Z |
| openvswitch2.11-0:2.11.0-35.el7fdp | cpe:/o:redhat:enterprise_linux:7::fastdatapath | RHSA-2020:0166 | 2020-01-21T00:00:00Z |
| openvswitch2.12-0:2.12.0-12.el7fdp | cpe:/o:redhat:enterprise_linux:7::fastdatapath | RHSA-2020:0168 | 2020-01-21T00:00:00Z |
| Fast Datapath for Red Hat Enterprise Linux 8 | |||
| openvswitch2.11-0:2.11.0-35.el8fdp | cpe:/o:redhat:enterprise_linux:8::fastdatapath | RHSA-2020:0171 | 2020-01-22T00:00:00Z |
| openvswitch2.12-0:2.12.0-12.el8fdp | cpe:/o:redhat:enterprise_linux:8::fastdatapath | RHSA-2020:0172 | 2020-01-22T00:00:00Z |
| Red Hat Enterprise Linux 7 Extras | |||
| dpdk-0:18.11.5-1.el7_8 | cpe:/a:redhat:rhel_extras_other:7 | RHSA-2020:1226 | 2020-04-01T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| dpdk-0:19.11-4.el8 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2020:1735 | 2020-04-28T00:00:00Z |
| Red Hat OpenStack Platform 13.0 (Queens) | |||
| ansible-role-redhat-subscription-0:1.0.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-manila-1:6.3.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-octavia-ui-0:1.0.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-tempest-1:18.0.0-13.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openvswitch2.11-0:2.11.0-35.el7fdp | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystoneauth1-0:3.4.1-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystonemiddleware-0:4.22.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-neutron-lib-0:1.13.0-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-novajoin-0:1.3.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-octavia-tests-tempest-0:1.1.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstackclient-0:3.14.3-5.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstacksdk-0:0.11.4-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-vif-0:1.9.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-ovsdbapp-0:0.10.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-tempestconf-0:2.4.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rabbitmq-server-0:3.6.15-6.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rhosp-release-0:13.0.11-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS | |||
| ansible-role-redhat-subscription-0:1.0.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-manila-1:6.3.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-octavia-ui-0:1.0.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| openstack-tempest-1:18.0.0-13.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystoneauth1-0:3.4.1-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-keystonemiddleware-0:4.22.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-neutron-lib-0:1.13.0-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-novajoin-0:1.3.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-octavia-tests-tempest-0:1.1.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstackclient-0:3.14.3-5.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-openstacksdk-0:0.11.4-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-os-vif-0:1.9.2-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-ovsdbapp-0:0.10.4-2.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| python-tempestconf-0:2.4.0-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rabbitmq-server-0:3.6.15-6.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| rhosp-release-0:13.0.11-1.el7ost | cpe:/a:redhat:openstack:13::el7 | RHBA-2020:0769 | 2020-03-10T00:00:00Z |
| Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS | |||
| openvswitch-0:2.9.0-124.el7fdp | cpe:/o:redhat:enterprise_linux:7::hypervisor | RHSA-2020:0165 | 2020-01-21T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4567-1 | dpdk security update |
 EUVD |
EUVD-2019-5947 | A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. |
 Ubuntu USN |
USN-4189-1 | DPDK vulnerability |
References
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-05T00:26:39.137Z
Reserved: 2019-08-10T00:00:00.000Z
Link: CVE-2019-14818
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-11-14T17:15:14.757
Modified: 2024-11-21T04:27:25.607
Link: CVE-2019-14818
Redhat
OpenCVE Enrichment
No data.
Weaknesses