CVE-2018-1059

Sažetak

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1544298
https://access.redhat.com/security/cve/cve-2018-1059
https://access.redhat.com/errata/RHSA-2018:1267
https://usn.ubuntu.com/3642-1/
https://usn.ubuntu.com/3642-2/
https://access.redhat.com/errata/RHSA-2018:2038
https://access.redhat.com/errata/RHSA-2018:2102
https://access.redhat.com/errata/RHSA-2018:2524

CVSS

Base:	2.9
Impact:	2.9
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

04-08-2021 - 17:15

Objavljeno

24-04-2018 - 18:29