CVE-2018-1059

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1059

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1059.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1059

Downstream

DEBIAN-CVE-2018-1059

RHEA-2018:1547

RHSA-2018:1267

RHSA-2018:2038

RHSA-2018:2102

RHSA-2018:2524

SUSE-SU-2018:1492-1

SUSE-SU-2018:3923-1

UBUNTU-CVE-2018-1059

USN-3642-1

openSUSE-SU-2024:10727-1

Related

Published

2018-04-24T18:29:00Z

Modified

2025-08-09T20:01:25Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

References

Affected packages