Vulnerability Details : CVE-2018-1059
The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. This may allow a malicious guest to expose vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Vulnerability category: Information leak
Products affected by CVE-2018-1059
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization_manager:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
- cpe:2.3:a:dpdk:data_plane_development_kit:*:*:*:*:*:*:*:*
Threat overview for CVE-2018-1059
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2018-1059: 637,340
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-1059
- 0.15%: probability of exploitation activity in the next 30 days
- ~51%: percentile, the proportion of vulnerabilities that are scored at or below this one
CVSS scores for CVE-2018-1059
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.9 | LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N | 5.5 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N | 1.6 | 4.0 | NIST | |
CWE ids for CVE-2018-1059
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
  Assigned by:
  - nvd@nist.gov (Primary)
  - secalert@redhat.com (Secondary)
References for CVE-2018-1059
- https://access.redhat.com/errata/RHSA-2018:1267
  RHSA-2018:1267 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2018-1059
  CVE-2018-1059 - Red Hat Customer Portal (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2524
  RHSA-2018:2524 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=1544298
  1544298 – (CVE-2018-1059) CVE-2018-1059 dpdk: Information exposure in unchecked guest physical to host virtual address translations (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2038
  RHSA-2018:2038 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2018:2102
  RHSA-2018:2102 - Security Advisory - Red Hat Customer Portal
- https://usn.ubuntu.com/3642-2/
  USN-3642-2: DPDK vulnerability | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/3642-1/
  USN-3642-1: DPDK vulnerability | Ubuntu security notices (Third Party Advisory)