The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. This may allow a malicious guest to expose vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:1267 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:2038 | |
https://access.redhat.com/errata/RHSA-2018:2102 | |
https://access.redhat.com/errata/RHSA-2018:2524 | |
https://access.redhat.com/security/cve/cve-2018-1059 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1544298 | Issue Tracking Third Party Advisory |
https://usn.ubuntu.com/3642-1/ | Third Party Advisory |
https://usn.ubuntu.com/3642-2/ | Third Party Advisory |
History
04 Aug 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openstack:12.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:10.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:* | cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:* |
Information
Published : 2018-04-24 18:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1059
Mitre link : CVE-2018-1059
CVE.ORG link : CVE-2018-1059
Products Affected
redhat
- openshift
- ceph_storage
- virtualization
- virtualization_manager
- openstack
- enterprise_linux_fast_datapath
- enterprise_linux
dpdk
- data_plane_development_kit
canonical
- ubuntu_linux
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor