Vulnerability CVE-2018-1059


Published: 2018-04-24

Description:
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Type:

CWE-200

(Information Exposure)

Vendor: Redhat
Product: Openstack 
Version:
9.0
8.0
12.0
11.0
10.0
Product: Enterprise linux fast datapath 
Version: 7.0;
Product: Enterprise linux 
Version: 7.0;
Product: Virtualization 
Version: 4.1; 4.0;
Product: Virtualization manager 
Version: 4.1;
Product: Ceph storage 
Version: 3.0;
Product: Openshift 
Version: 3.0;
Vendor: Canonical
Product: Ubuntu linux 
Version: 18.04; 17.10;

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.9/10
2.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://access.redhat.com/errata/RHSA-2018:1267
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524
https://access.redhat.com/security/cve/cve-2018-1059
https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/

Related CVE
CVE-2018-19543
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
CVE-2018-19542
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
CVE-2018-19541
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
CVE-2018-19149
Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment.
CVE-2018-19060
An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path.
CVE-2018-19059
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts.
CVE-2018-19058
An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file.
CVE-2018-16844
nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the '...

Copyright 2018, cxsecurity.com

 

Back to Top