CVE-2018-1059


The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.


Published

2018-04-24T18:29:00.233

Last Modified

2024-11-21T03:59:05.420

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Exploitability Score

5.5

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-200
  • Type: Primary
    CWE-200

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | canonical | ubuntu_linux | 17.10 | Yes |
| Operating System | canonical | ubuntu_linux | 18.04 | Yes |
| Application | redhat | ceph_storage | 3.0 | Yes |
| Application | redhat | enterprise_linux_fast_datapath | 7.0 | Yes |
| Application | redhat | openshift | 3.0 | Yes |
| Application | redhat | openstack | 8 | Yes |
| Application | redhat | openstack | 9 | Yes |
| Application | redhat | openstack | 10 | Yes |
| Application | redhat | openstack | 11 | Yes |
| Application | redhat | openstack | 12 | Yes |
| Application | redhat | virtualization | 4.0 | Yes |
| Application | redhat | virtualization | 4.1 | Yes |
| Application | redhat | virtualization_manager | 4.1 | Yes |
| Operating System | redhat | enterprise_linux | 7.0 | Yes |
| Application | dpdk | data_plane_development_kit | < 18.02.1 | Yes |