Vulnerability CVE-2018-1059
Published: 2018-04-24

Description:
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.9/10
2.9/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Redhat -> Ceph storage 
Redhat -> Enterprise linux fast datapath 
Redhat -> Openshift 
Redhat -> Openstack 
Redhat -> Virtualization 
Redhat -> Virtualization manager 
Redhat -> Enterprise linux 
Canonical -> Ubuntu linux 

 References:
https://access.redhat.com/errata/RHSA-2018:1267
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524
https://access.redhat.com/security/cve/cve-2018-1059
https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/
Copyright 2024, cxsecurity.com

 

Back to Top