Information disclosure in Dpdk Data_plane_development_kit
CVE-2018-1059
The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. This may lead to a malicious guest…
Vulnerability class: Information Disclosure
EPSS: 0.009 (54.3rd percentile).
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N.
Affected products
- Dpdk Data_plane_development_kit
- Red Hat, Inc. Dpdk — versions before 18.02.1
- Canonical Ubuntu_linux — versions 17.10, 18.04
- Redhat Ceph_storage — versions 3.0
- Redhat Enterprise_linux — versions 7.0
- Redhat Enterprise_linux_fast_datapath — versions 7.0
- Redhat Openshift — versions 3.0
- Redhat Openstack — versions 8, 9, 10
- Redhat Virtualization — versions 4.0, 4.1
- Redhat Virtualization_manager — versions 4.1
Frequently asked questions
- What is CVE-2018-1059?
  CVE-2018-1059 is a medium-severity vulnerability in Dpdk Data_plane_development_kit, classified under Information Disclosure. CVSS score: 6.1/10. Published 2018-04-24.
- How severe is CVE-2018-1059?
  Medium severity. CVSS v3 base score is 6.1 out of 10.