CVE-2018-1059
6.1
MEDIUM
CVSS 3.1
EPSS 0.18%
Description
The DPDK vhost-user interface does not verify that the entire requested guest physical range is mapped and contiguous when translating Guest Physical Addresses to Host Virtual Addresses. This may allow a malicious guest to expose vhost-user backend process memory. All versions before 18.02.1 are vulnerable.
How to fix CVE-2018-1059
To remediate CVE-2018-1059, upgrade the affected package to a fixed version below.
- Upgrade to 17.11.2-1 or later
Is CVE-2018-1059 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 17.11.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |