6.1
CVE-2018-1059
- EPSS 0.26%
- Published 24.04.2018 18:29:00
- Last modified 21.11.2024 03:59:05
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Data is provided by the National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version17.10
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Redhat ≫ Ceph Storage Version3.0
Redhat ≫ Enterprise Linux Fast Datapath Version7.0
Redhat ≫ Virtualization Version4.0
Redhat ≫ Virtualization Version4.1
Redhat ≫ Virtualization Manager Version4.1
Redhat ≫ Enterprise Linux Version7.0
Dpdk ≫ Data Plane Development Kit Version < 18.02.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.488 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 1.6 | 4 |
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
|
| nvd@nist.gov | 2.9 | 5.5 | 2.9 |
AV:A/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.