Unrated severityNVD Advisory· Published Apr 24, 2018· Updated Sep 17, 2024
CVE-2018-1059
CVE-2018-1059
Description
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Affected products
8- osv-coords7 versionspkg:rpm/opensuse/dpdk&distro=openSUSE%20Tumbleweedpkg:rpm/suse/dpdk&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/dpdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/dpdk&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/dpdk-thunderx&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/dpdk-thunderx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/dpdk-thunderx&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 19.11.8-2.7+ 6 more
- (no CPE)range: < 19.11.8-2.7
- (no CPE)range: < 16.11.6-8.4.2
- (no CPE)range: < 16.11.6-8.4.2
- (no CPE)range: < 16.11.6-8.4.2
- (no CPE)range: < 16.11.6-8.4.2
- (no CPE)range: < 16.11.6-8.4.2
- (no CPE)range: < 16.11.6-8.4.2
- Red Hat, Inc./DPDKv5Range: before 18.02.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- access.redhat.com/errata/RHSA-2018:1267mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:2038mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:2102mitrevendor-advisoryx_refsource_REDHAT
- access.redhat.com/errata/RHSA-2018:2524mitrevendor-advisoryx_refsource_REDHAT
- usn.ubuntu.com/3642-1/mitrevendor-advisoryx_refsource_UBUNTU
- usn.ubuntu.com/3642-2/mitrevendor-advisoryx_refsource_UBUNTU
- access.redhat.com/security/cve/cve-2018-1059mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.