ByteOS Network

NVD Vulnerability Details :

CVE-2018-1059

Modified

Source-secalert@redhat.com

Published At-24 Apr, 2018 | 18:29

Updated At-04 Aug, 2021 | 17:15

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.1	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary	2.0	2.9	LOW	AV:A/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 2.9

Base severity: LOW

Vector:

AV:A/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Canonical Ltd.

>>ubuntu_linux>>17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Canonical Ltd.

>>ubuntu_linux>>18.04

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Red Hat, Inc.

>>ceph_storage>>3.0

cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux_fast_datapath>>7.0

cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>openshift>>3.0

cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*

Red Hat, Inc.

>>openstack>>8

cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

Red Hat, Inc.

>>openstack>>9

cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

Red Hat, Inc.

>>openstack>>10

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*

Red Hat, Inc.

>>openstack>>11

cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

Red Hat, Inc.

>>openstack>>12

cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*

Red Hat, Inc.

>>virtualization>>4.0

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

Red Hat, Inc.

>>virtualization>>4.1

cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*

Red Hat, Inc.

>>virtualization_manager>>4.1

cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*

Red Hat, Inc.

>>enterprise_linux>>7.0

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

dpdk>>data_plane_development_kit>>Versions before 18.02.1(exclusive)

cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov
CWE-200	Secondary	secalert@redhat.com

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2018:1267	secalert@redhat.com	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2038	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2018:2102	secalert@redhat.com	N/A
https://access.redhat.com/errata/RHSA-2018:2524	secalert@redhat.com	N/A
https://access.redhat.com/security/cve/cve-2018-1059	secalert@redhat.com	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1544298	secalert@redhat.com	Issue Tracking Third Party Advisory
https://usn.ubuntu.com/3642-1/	secalert@redhat.com	Third Party Advisory
https://usn.ubuntu.com/3642-2/	secalert@redhat.com	Third Party Advisory