CVE-2018-1059

Name: CVE-2018-1059
Description: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 896688

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| dpdk (PTS) | stretch (security) | 16.11.11-1+deb9u2 | fixed |
| | stretch (lts), stretch | 16.11.11-1+deb9u3 | fixed |
| | buster (security), buster, buster (lts) | 18.11.11-1~deb10u2 | fixed |
| | bullseye | 20.11.10-1~deb11u1 | fixed |
| | bullseye (security) | 20.11.6-1~deb11u1 | fixed |
| | bookworm | 22.11.6-1~deb12u1 | fixed |
| | sid, trixie | 23.11.2-3 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| dpdk | source | stretch | 16.11.6-1+deb9u1 | | | |
| dpdk | source | (unstable) | 17.11.2-1 | | | 896688 |
