CVE-2018-1059

NameCVE-2018-1059
DescriptionThe DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs896688

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dpdk (PTS)stretch (security), stretch16.11.11-1+deb9u2fixed
buster18.11.11-1~deb10u1fixed
buster (security)18.11.6-1~deb10u2fixed
bullseye20.11-7fixed
bookworm, sid20.11.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dpdksourcestretch16.11.6-1+deb9u1
dpdksource(unstable)17.11.2-1896688

Search for package or bug name: Reporting problems