CVE-2018-1118 — Improper Initialization in Kernel

CWE-665 — Improper Initialization CWE-200 — Sensitive Information Exposure14 documents9 sources

Severity

5.5MEDIUMNVD

CNA2.3

EPSS

0.1%

top 70.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Kernel Vhost Canonical Ubuntu Linux +5 more

Timeline

PublishedMay 10

Latest updateMay 13

Description

Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶CVEListV5kernel/vhostsince 4.8

▶NVDlinux/linux_kernel4.8 — 4.18

▶Debianlinux/linux_kernel< 4.17.3-1+3

▶Ubuntulinux/linux_kernel< 4.15.0-34.37

▶NVDredhat/virtualization_host4.0

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04

🔴Vulnerability Details

GHSA

GHSA-h6c2-frm7-53hm: Linux kernel vhost since version 4↗2022-05-13

▶

OSV

linux-hwe, linux-azure, linux-gcp vulnerabilities↗2018-09-11

▶

OSV

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 vulnerabilities↗2018-09-11

▶

Kernel

vhost: fix info leak due to uninitialized memory↗2018-05-12

▶

OSV

CVE-2018-1118: Linux kernel vhost since version 4↗2018-05-10

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2018-09-11

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-09-11

▶

Red Hat

kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()↗2018-04-23

▶

Debian

CVE-2018-1118: linux - Linux kernel vhost since version 4.8 does not properly initialize memory in mess...↗2018

▶

💬Community

Bugzilla

CVE-2018-16750 ImageMagick: Memory leak in the formatIPTCfromBuffer function in coders/meta.c↗2018-09-11

▶

Bugzilla

CVE-2018-1118 kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() [fedora-all]↗2018-05-09

▶

Bugzilla

CVE-2018-1118 kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()↗2018-05-02

▶