CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*

History

04 Aug 2021, 17:15

Type Values Removed Values Added
CPE cpe:2.3:a:redhat:openstack:11.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

Information

Published : 2018-04-24 18:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-1059

Mitre link : CVE-2018-1059

CVE.ORG link : CVE-2018-1059


JSON object : View

Products Affected

redhat

  • openshift
  • ceph_storage
  • virtualization
  • virtualization_manager
  • openstack
  • enterprise_linux_fast_datapath
  • enterprise_linux

dpdk

  • data_plane_development_kit

canonical

  • ubuntu_linux
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor