{
  "threat_severity" : "Moderate",
  "public_date" : "2020-05-18T00:00:00Z",
  "bugzilla" : {
    "description" : "dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair()",
    "id" : "1828874",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1828874"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.", "A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption." ],
  "statement" : "This issue did not affect the versions of Ceph as shipped with Red Hat Ceph Storage 3 and 4, as they did not include support for DPDK.",
  "acknowledgement" : "Red Hat would like to thank Ferruh Yigit (Reporter) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 7",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2296",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath",
    "package" : "openvswitch2.11-0:2.11.0-54.20200327gita4efc59.el7fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 7",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2298",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath",
    "package" : "openvswitch-0:2.9.0-130.el7fdp"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2295",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "openvswitch2.13-0:2.13.0-25.el8fdp.1"
  }, {
    "product_name" : "Fast Datapath for Red Hat Enterprise Linux 8",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2297",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath",
    "package" : "openvswitch2.11-0:2.11.0-54.20200327gita4efc59.el8fdp"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extras",
    "release_date" : "2020-06-23T00:00:00Z",
    "advisory" : "RHSA-2020:2683",
    "cpe" : "cpe:/a:redhat:rhel_extras_other:7",
    "package" : "dpdk-0:18.11.8-1.el7_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4806",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dpdk-0:19.11.3-1.el8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)",
    "release_date" : "2021-03-18T00:00:00Z",
    "advisory" : "RHSA-2021:0931",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "openvswitch2.11-0:2.11.3-77.el7fdp"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)",
    "release_date" : "2021-03-18T00:00:00Z",
    "advisory" : "RHSA-2021:0931",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "openvswitch-selinux-extra-policy-0:1.0-17.el7fdp"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens)",
    "release_date" : "2021-03-18T00:00:00Z",
    "advisory" : "RHSA-2021:0931",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "ovn2.11-0:2.11.1-57.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2020-05-26T00:00:00Z",
    "advisory" : "RHSA-2020:2298",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "openvswitch-0:2.9.0-130.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-30T00:00:00Z",
    "advisory" : "RHSA-2020:4114",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "openvswitch2.11-0:2.11.0-54.20200327gita4efc59.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-30T00:00:00Z",
    "advisory" : "RHSA-2020:4114",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "ovn2.11-0:2.11.1-44.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.3",
    "release_date" : "2020-09-30T00:00:00Z",
    "advisory" : "RHSA-2020:4114",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.3",
    "package" : "openvswitch2.11-0:2.11.0-54.20200327gita4efc59.el7fdp"
  }, {
    "product_name" : "Red Hat Virtualization Engine 4.3",
    "release_date" : "2020-09-30T00:00:00Z",
    "advisory" : "RHSA-2020:4114",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.3",
    "package" : "ovn2.11-0:2.11.1-44.el7fdp"
  } ],
  "package_state" : [ {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Will not fix",
    "package_name" : "openvswitch2.10",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Will not fix",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 7",
    "fix_state" : "Not affected",
    "package_name" : "openvswitch2.13",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::fastdatapath"
  }, {
    "product_name" : "Fast Datapath for RHEL 8",
    "fix_state" : "Will not fix",
    "package_name" : "openvswitch2.12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8::fastdatapath"
  }, {
    "product_name" : "Red Hat Ceph Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "ceph",
    "cpe" : "cpe:/a:redhat:ceph_storage:3"
  }, {
    "product_name" : "Red Hat Ceph Storage 4",
    "fix_state" : "Not affected",
    "package_name" : "ceph",
    "cpe" : "cpe:/a:redhat:ceph_storage:4"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Out of support scope",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Affected",
    "package_name" : "openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 15 (Stein)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp-openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:15"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16 (Train)",
    "fix_state" : "Not affected",
    "package_name" : "rhosp-openvswitch",
    "cpe" : "cpe:/a:redhat:openstack:16"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-10723\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10723\nhttps://bugs.dpdk.org/show_bug.cgi?id=268\nhttps://www.openwall.com/lists/oss-security/2020/05/18/2" ],
  "name" : "CVE-2020-10723",
  "csaw" : false
}