CVE-2018-1059

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1059
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1059.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1059
Related
Published
2018-04-24T18:29:00Z
Modified
2024-09-18T01:00:22Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

References

Affected packages

Debian:11 / dpdk

Package

Name
dpdk
Purl
pkg:deb/debian/dpdk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.11.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dpdk

Package

Name
dpdk
Purl
pkg:deb/debian/dpdk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.11.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dpdk

Package

Name
dpdk
Purl
pkg:deb/debian/dpdk?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.11.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}