CVE-2018-1059
Severity
6.1 MEDIUM
EPSS
0.2%
top 59.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 24
Latest update May 13
Description
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
CVSS vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.6 | Impact: 4.0
Affected Packages: 9 packages
Also affects: Ubuntu Linux 17.10, 18.04, Enterprise Linux 7.0
🔴 Vulnerability Details (3)
GHSA
GHSA-ww8j-hjq3-7m8r: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Phys | 2022-05-13
CVEList
CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Phys | 2018-04-24
OSV
CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Phys | 2018-04-24
📋 Vendor Advisories (4)
💬 Community (5)
Bugzilla
CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations [fedora-all] | 2018-04-24
Bugzilla
CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations [fedora-all] | 2018-04-24
Bugzilla
CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations [fedora-all] | 2018-04-23
Bugzilla
CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations | 2018-02-12
Bugzilla
CVE-2018-6616 openjpeg2: Excessive iteration in openjp2/t1.c:opj_t1_encode_cblks can allow for denial of service via crafted BMP file | 2018-02-06