What is CVE-2020-10724?

CVE-2020-10724 is a medium-severity vulnerability in Dpdk Data_plane_development_kit, classified under Integer Overflow or Wraparound. CVSS score: 5.1/10. Published 2020-05-19.

How severe is CVE-2020-10724?

Medium severity. CVSS v3 base score is 5.1 out of 10.

Out-of-bounds Read in Dpdk Data_plane_development_kit

CVE-2020-10724

A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.

Vulnerability class: Integer Overflow

EPSS: 0.004 (27.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H.

Affected products

Dpdk Data_plane_development_kit
[Unknown] Dpdk — versions 20.02.1, 19.11.2, 18.11.8
Canonical Ubuntu_linux — versions 18.04, 19.10, 20.04
Fedoraproject Fedora — versions 32

Weakness classification (CWE)

References

secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, Broken Link, x_refsource_SUSE)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (Mailing List, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (Patch, x_refsource_MISC, Issue Tracking, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2020-10724?: CVE-2020-10724 is a medium-severity vulnerability in Dpdk Data_plane_development_kit, classified under Integer Overflow or Wraparound. CVSS score: 5.1/10. Published 2020-05-19.
How severe is CVE-2020-10724?: Medium severity. CVSS v3 base score is 5.1 out of 10.