CVE-2018-1059

EUVD-2018-11712
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
redhatceph_storage
3.0
redhatenterprise_linux_fast_datapath
7.0
redhatopenshift
3.0
redhatvirtualization
4.0
redhatvirtualization
4.1
redhatvirtualization_manager
4.1
redhatenterprise_linux
7.0
dpdkdata_plane_development_kit
𝑥
< 18.02.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dpdk
bookworm
22.11.5-1~deb12u1
fixed
bullseye
20.11.10-1~deb11u1
fixed
bullseye (security)
20.11.6-1~deb11u1
fixed
sid
23.11.2-2
fixed
trixie
23.11.2-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dpdk
artful
Fixed 17.05.2-0ubuntu1.1
released
bionic
Fixed 17.11.2-1ubuntu0.1
released
cosmic
Fixed 17.11.2-1
released
disco
Fixed 17.11.2-1
released
eoan
Fixed 17.11.2-1
released
focal
Fixed 17.11.2-1
released
groovy
Fixed 17.11.2-1
released
hirsute
Fixed 17.11.2-1
released
impish
Fixed 17.11.2-1
released
jammy
Fixed 17.11.2-1
released
kinetic
Fixed 17.11.2-1
released
lunar
Fixed 17.11.2-1
released
mantic
Fixed 17.11.2-1
released
noble
Fixed 17.11.2-1
released
trusty
dne
xenial
needed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:1267
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524
https://access.redhat.com/security/cve/cve-2018-1059
https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/
https://access.redhat.com/errata/RHSA-2018:1267
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524
https://access.redhat.com/security/cve/cve-2018-1059
https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/