CVE-2019-14818

A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition.

Weakness

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Affected Software

Name	Vendor	Start Version	End Version
Data_plane_development_kit	Dpdk	16.04 (including)	16.11.10 (excluding)
Data_plane_development_kit	Dpdk	17.02 (including)	17.11.8 (excluding)
Data_plane_development_kit	Dpdk	18.02 (including)	18.11.4 (excluding)
Data_plane_development_kit	Dpdk	19.02 (including)	19.08.1 (excluding)
Fast Datapath for Red Hat Enterprise Linux 7	RedHat	openvswitch-0:2.9.0-124.el7fdp	*
Fast Datapath for Red Hat Enterprise Linux 7	RedHat	openvswitch2.11-0:2.11.0-35.el7fdp	*
Fast Datapath for Red Hat Enterprise Linux 7	RedHat	openvswitch2.12-0:2.12.0-12.el7fdp	*
Fast Datapath for Red Hat Enterprise Linux 8	RedHat	openvswitch2.11-0:2.11.0-35.el8fdp	*
Fast Datapath for Red Hat Enterprise Linux 8	RedHat	openvswitch2.12-0:2.12.0-12.el8fdp	*
Red Hat Enterprise Linux 7 Extras	RedHat	dpdk-0:18.11.5-1.el7_8	*
Red Hat Enterprise Linux 8	RedHat	dpdk-0:19.11-4.el8	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	ansible-role-redhat-subscription-0:1.0.4-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	openstack-manila-1:6.3.2-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	openstack-octavia-ui-0:1.0.2-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	openstack-tempest-1:18.0.0-13.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	openvswitch2.11-0:2.11.0-35.el7fdp	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-keystoneauth1-0:3.4.1-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-keystonemiddleware-0:4.22.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-neutron-lib-0:1.13.0-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-novajoin-0:1.3.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-octavia-tests-tempest-0:1.1.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-openstackclient-0:3.14.3-5.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-openstacksdk-0:0.11.4-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-os-vif-0:1.9.2-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-ovsdbapp-0:0.10.4-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	python-tempestconf-0:2.4.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	rabbitmq-server-0:3.6.15-6.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens)	RedHat	rhosp-release-0:13.0.11-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	ansible-role-redhat-subscription-0:1.0.4-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	openstack-manila-1:6.3.2-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	openstack-octavia-ui-0:1.0.2-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	openstack-tempest-1:18.0.0-13.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-barbican-tests-tempest-0:0.1.0-0.20180828144800.b8bf147.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-hardware-0:0.23.0-0.20200117070144.59211cc.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-keystoneauth1-0:3.4.1-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-keystonemiddleware-0:4.22.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-neutron-lib-0:1.13.0-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-novajoin-0:1.3.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-octavia-tests-tempest-0:1.1.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-openstackclient-0:3.14.3-5.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-openstacksdk-0:0.11.4-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-os-testr-0:1.0.1-0.20200218144109.7dd678e.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-os-vif-0:1.9.2-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-ovsdbapp-0:0.10.4-2.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	python-tempestconf-0:2.4.0-1.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	rabbitmq-server-0:3.6.15-6.el7ost	*
Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS	RedHat	rhosp-release-0:13.0.11-1.el7ost	*
Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS	RedHat	openvswitch-0:2.9.0-124.el7fdp	*
Dpdk	Ubuntu	bionic	*
Dpdk	Ubuntu	disco	*
Dpdk	Ubuntu	eoan	*
Dpdk	Ubuntu	esm-infra/xenial	*
Dpdk	Ubuntu	trusty	*
Dpdk	Ubuntu	xenial	*

Potential Mitigations

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
For example, glibc in Linux provides protection against free of invalid pointers.
When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-14818
CWE	https://cwe.mitre.org/data/definitions/401.html

Missing Release of Memory after Effective Lifetime

Weakness

Affected Software

Potential Mitigations

References