Home

CVE-2018-1059

Description

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.184

Associated Vulnerability

VulnerabilityOS Platform
set of libraries for fast packet processing (USN-3642-1) dpdk_17.11.2-1ubuntu0.1_i386.debLinux
set of libraries for fast packet processing (USN-3642-1) dpdk_17.11.2-1ubuntu0.1_amd64.debLinux
set of libraries for fast packet processing (USN-3642-2) dpdk_17.05.2-0ubuntu1.1_i386.debLinux
set of libraries for fast packet processing (USN-3642-2) dpdk_17.05.2-0ubuntu1.1_amd64.debLinux
(RHSA-2018:2038) Moderate: dpdk security, bug fix and enhancement update dpdk-17.11-11.el7.x86_64.rpmLinux
(RHSA-2018:2038) Moderate: dpdk security, bug fix and enhancement update dpdk-devel-17.11-11.el7.x86_64.rpmLinux
(RHSA-2018:2038) Moderate: dpdk security, bug fix and enhancement update dpdk-doc-17.11-11.el7.noarch.rpmLinux
(RHSA-2018:2038) Moderate: dpdk security, bug fix and enhancement update dpdk-tools-17.11-11.el7.x86_64.rpmLinux
SUSE-SU-2018:3923-1(SUSE Linux Enterprise Server 12-SP3 ) dpdk-16.11.8-8.10.2.x86_64.rpmLinux
SUSE-SU-2018:3923-1(SUSE Linux Enterprise Server 12-SP3 ) dpdk-debuginfo-16.11.8-8.10.2.x86_64.rpmLinux
SUSE-SU-2018:3923-1(SUSE Linux Enterprise Server 12-SP3 ) dpdk-debugsource-16.11.8-8.10.2.x86_64.rpmLinux
SUSE-SU-2018:3923-1(SUSE Linux Enterprise Server 12-SP3 ) dpdk-kmp-default-16.11.8_k4.4.156_94.64-8.10.2.x86_64.rpmLinux
SUSE-SU-2018:3923-1(SUSE Linux Enterprise Server 12-SP3 ) dpdk-kmp-default-debuginfo-16.11.8_k4.4.156_94.64-8.10.2.x86_64.rpmLinux
SUSE-SU-2018:3923-1(SUSE Linux Enterprise Server 12-SP3 ) dpdk-tools-16.11.8-8.10.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234