CVE-2018-1059

Published: 24/04/2018 Updated: 04/08/2021
CVSS v2 Base Score: 2.9 | Impact Score: 2.9 | Exploitability Score: 5.5
CVSS v3 Base Score: 6.1 | Impact Score: 4 | Exploitability Score: 1.6
VMScore: 258
Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. This may allow a malicious guest to expose vhost-user backend process memory. All versions prior to 18.02.1 are vulnerable.
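
An added illustration, not DPDK's code and not part of the advisory: a simplified C model of a guest-physical to host-virtual translation, with a lookup that validates only the start address beside one that reports how many bytes are contiguously mapped. The structure, function names and sample regions are hypothetical, and this model treats a range that leaves its region as unusable.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified region table; not DPDK's own structures. */
struct mem_region {
    uint64_t gpa;   /* guest physical start address */
    uint64_t size;  /* region length in bytes */
    uint8_t *hva;   /* host virtual address of the mapping */
};

/* Constructed sample: two 4 KiB regions with an unmapped hole between them. */
static uint8_t backing0[4096], backing1[4096];
static const struct mem_region sample[] = { {0x1000, 4096, backing0}, {0x4000, 4096, backing1} };

/* Flawed pattern: validates only the first byte, so the caller cannot tell
 * how far past the returned pointer the mapping actually extends. */
static uint8_t *gpa_to_hva_unchecked(const struct mem_region *r, size_t n, uint64_t gpa) {
    for (size_t i = 0; i < n; i++)
        if (gpa >= r[i].gpa && gpa - r[i].gpa < r[i].size)
            return r[i].hva + (gpa - r[i].gpa);
    return NULL;
}

/* Hardened pattern: *len is in/out and is clamped to the bytes that are
 * mapped contiguously from gpa within one region. */
static uint8_t *gpa_to_hva_checked(const struct mem_region *r, size_t n, uint64_t gpa, uint64_t *len) {
    for (size_t i = 0; i < n; i++) {
        if (gpa >= r[i].gpa && gpa - r[i].gpa < r[i].size) {
            uint64_t off = gpa - r[i].gpa;
            if (*len > r[i].size - off)
                *len = r[i].size - off;
            return r[i].hva + off;
        }
    }
    *len = 0;
    return NULL;
}

/* Caller policy: accept a guest-supplied (gpa, want) only if fully covered. */
static int range_is_usable(const struct mem_region *r, size_t n, uint64_t gpa, uint64_t want) {
    uint64_t len = want;
    return want != 0 && gpa_to_hva_checked(r, n, gpa, &len) != NULL && len == want;
}

int main(void) {
    /* Exit status 0: the range crosses the end of the first region and is rejected. */
    return range_is_usable(sample, 2, 0x1f00, 0x200);
}
```

The unchecked lookup returns a valid pointer for `0x1f00` even though only 0x100 bytes remain in that region; the checked variant exposes that shortfall to the caller.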

Vulnerable Product

canonical ubuntu linux 17.10

canonical ubuntu linux 18.04

redhat openstack 10

redhat openstack 9

redhat ceph storage 3.0

redhat openstack 8

redhat enterprise linux fast datapath 7.0

redhat enterprise linux 7.0

redhat openshift 3.0

redhat virtualization manager 4.1

redhat virtualization 4.0

redhat openstack 12

redhat openstack 11

redhat virtualization 4.1

dpdk data plane development kit

Vendor Advisories

Debian Bug report logs - #896688 dpdk: CVE-2018-1059. Package: src:dpdk; Maintainer for src:dpdk is Debian DPDK Maintainers <pkg-dpdk-devel@lists.alioth.debian.org>; Reported by: Luca Boccassi <bluca@debian.org>; Date: Mon, 23 Apr 2018 15:57:01 UTC; Severity: important; Tags: security, upstream; Found in version dpdk/16 ...
DPDK could be made to expose sensitive information over the network ...
Synopsis: Moderate: openvswitch security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scor ...
Synopsis: Moderate: openvswitch security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabilit ...
Synopsis: Moderate: Red Hat OpenStack Platform 10 Security, Bug Fix, and Enhancement Advisory. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Modera ...
Synopsis: Moderate: dpdk security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for DPDK is now available for Extras for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin ...
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory ...