CVE-2018-1059

The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. A malicious guest may use this to expose vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Configurations

Configuration 1

OR cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:59

Type | Values Removed | Values Added
References | https://access.redhat.com/errata/RHSA-2018:1267 - Third Party Advisory | https://access.redhat.com/errata/RHSA-2018:1267 - Third Party Advisory
References | https://access.redhat.com/errata/RHSA-2018:2038 | https://access.redhat.com/errata/RHSA-2018:2038
References | https://access.redhat.com/errata/RHSA-2018:2102 | https://access.redhat.com/errata/RHSA-2018:2102
References | https://access.redhat.com/errata/RHSA-2018:2524 | https://access.redhat.com/errata/RHSA-2018:2524
References | https://access.redhat.com/security/cve/cve-2018-1059 - Third Party Advisory | https://access.redhat.com/security/cve/cve-2018-1059 - Third Party Advisory
References | https://bugzilla.redhat.com/show_bug.cgi?id=1544298 - Issue Tracking, Third Party Advisory | https://bugzilla.redhat.com/show_bug.cgi?id=1544298 - Issue Tracking, Third Party Advisory
References | https://usn.ubuntu.com/3642-1/ - Third Party Advisory | https://usn.ubuntu.com/3642-1/ - Third Party Advisory
References | https://usn.ubuntu.com/3642-2/ - Third Party Advisory | https://usn.ubuntu.com/3642-2/ - Third Party Advisory

04 Aug 2021, 17:15

Type: CPE

Values Removed:
cpe:2.3:a:redhat:openstack:11.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*

Values Added:
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

Information

Published : 2018-04-24 18:29

Updated : 2024-11-21 03:59


NVD link : CVE-2018-1059

Mitre link : CVE-2018-1059

CVE.ORG link : CVE-2018-1059



Products Affected

redhat

  • openshift
  • ceph_storage
  • virtualization
  • virtualization_manager
  • openstack
  • enterprise_linux_fast_datapath
  • enterprise_linux

dpdk

  • data_plane_development_kit

canonical

  • ubuntu_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor