CVE-2018-1059

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
redhatceph_storage
3.0
redhatenterprise_linux_fast_datapath
7.0
redhatopenshift
3.0
redhatvirtualization
4.0
redhatvirtualization
4.1
redhatvirtualization_manager
4.1
redhatenterprise_linux
7.0
dpdkdata_plane_development_kit
𝑥
< 18.02.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dpdk
bookworm
22.11.5-1~deb12u1
fixed
bullseye
20.11.10-1~deb11u1
fixed
bullseye (security)
20.11.6-1~deb11u1
fixed
sid
23.11.2-2
fixed
trixie
23.11.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dpdk
artful
Fixed 17.05.2-0ubuntu1.1
released
bionic
Fixed 17.11.2-1ubuntu0.1
released
cosmic
Fixed 17.11.2-1
released
disco
Fixed 17.11.2-1
released
eoan
Fixed 17.11.2-1
released
focal
Fixed 17.11.2-1
released
groovy
Fixed 17.11.2-1
released
hirsute
Fixed 17.11.2-1
released
impish
Fixed 17.11.2-1
released
jammy
Fixed 17.11.2-1
released
kinetic
Fixed 17.11.2-1
released
lunar
Fixed 17.11.2-1
released
mantic
Fixed 17.11.2-1
released
noble
Fixed 17.11.2-1
released
trusty
dne
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
dpdk
suse enterprise sap 12 SP3
16.11.8-8.10.2
fixed
suse enterprise sap 15
17.11.2-1.27
fixed
suse enterprise sap 15 SP1
18.11-2.43
fixed
suse enterprise sap 15 SP2
19.11.1-1.3
fixed
suse enterprise sap 15 SP3
19.11.4-1.105
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 12 SP3
16.11.8-8.10.2
fixed
suse enterprise server 15
17.11.2-1.27
fixed
suse enterprise server 15 SP1
18.11-2.43
fixed
suse enterprise server 15 SP2
19.11.1-1.3
fixed
suse enterprise server 15 SP3
19.11.4-1.105
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
dpdk-devel
suse enterprise sap 15
17.11.2-1.27
fixed
suse enterprise sap 15 SP1
18.11-2.43
fixed
suse enterprise sap 15 SP2
19.11.1-1.3
fixed
suse enterprise sap 15 SP3
19.11.4-1.105
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 15
17.11.2-1.27
fixed
suse enterprise server 15 SP1
18.11-2.43
fixed
suse enterprise server 15 SP2
19.11.1-1.3
fixed
suse enterprise server 15 SP3
19.11.4-1.105
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
dpdk-thunderx
suse enterprise sap 12 SP3
16.11.8-8.10.2
fixed
suse enterprise sap 15 SP2
19.11.1-1.3
fixed
suse enterprise sap 15 SP3
19.11.4-1.94
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.15
fixed
suse enterprise server 12 SP3
16.11.8-8.10.2
fixed
suse enterprise server 15 SP2
19.11.1-1.3
fixed
suse enterprise server 15 SP3
19.11.4-1.94
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.15
fixed
dpdk-thunderx-devel
suse enterprise sap 15 SP2
19.11.1-1.3
fixed
suse enterprise sap 15 SP3
19.11.4-1.94
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.15
fixed
suse enterprise server 15 SP2
19.11.1-1.3
fixed
suse enterprise server 15 SP3
19.11.4-1.94
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.8
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.36
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.15
fixed
dpdk-tools
suse enterprise sap 12 SP3
16.11.8-8.10.2
fixed
suse enterprise sap 15
17.11.2-1.27
fixed
suse enterprise sap 15 SP1
18.11-2.43
fixed
suse enterprise sap 15 SP2
19.11.1-1.3
fixed
suse enterprise sap 15 SP3
19.11.4-1.105
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 12 SP3
16.11.8-8.10.2
fixed
suse enterprise server 15
17.11.2-1.27
fixed
suse enterprise server 15 SP1
18.11-2.43
fixed
suse enterprise server 15 SP2
19.11.1-1.3
fixed
suse enterprise server 15 SP3
19.11.4-1.105
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
libdpdk-17_11-0
suse enterprise sap 15
17.11.2-1.27
fixed
suse enterprise server 15
17.11.2-1.27
fixed
libdpdk-18_11
suse enterprise sap 15 SP1
18.11-2.43
fixed
suse enterprise server 15 SP1
18.11-2.43
fixed
libdpdk-20_0
suse enterprise sap 15 SP2
19.11.1-1.3
fixed
suse enterprise sap 15 SP3
19.11.4-1.105
fixed
suse enterprise sap 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise sap 15 SP5
19.11.10-150500.3.37
fixed
suse enterprise server 15 SP2
19.11.1-1.3
fixed
suse enterprise server 15 SP3
19.11.4-1.105
fixed
suse enterprise server 15 SP4
19.11.10-150400.2.10
fixed
suse enterprise server 15 SP5
19.11.10-150500.3.37
fixed
libdpdk-25
suse enterprise sap 15 SP7
24.11.1-150700.1.17
fixed
suse enterprise server 15 SP7
24.11.1-150700.1.17
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:1267
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524
https://access.redhat.com/security/cve/cve-2018-1059
https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/
https://access.redhat.com/errata/RHSA-2018:1267
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524
https://access.redhat.com/security/cve/cve-2018-1059
https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/