CVE-2018-1059

NameCVE-2018-1059
DescriptionThe DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: remote)
Debian Bugs896688

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dpdk (PTS)stretch16.11.8-1+deb9u1fixed
buster, sid17.11.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dpdksource(unstable)17.11.2-1low896688
dpdksourcestretch16.11.6-1+deb9u1low

Search for package or bug name: Reporting problems