CVE-2018-1059

Publication date 24 April 2018

Last updated 18 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dpdk	25.10 questing	Fixed 17.11.2-1
	25.04 plucky	Fixed 17.11.2-1
	24.10 oracular	Fixed 17.11.2-1
	24.04 LTS noble	Fixed 17.11.2-1
	23.10 mantic	Fixed 17.11.2-1
	23.04 lunar	Fixed 17.11.2-1
	22.10 kinetic	Fixed 17.11.2-1
	22.04 LTS jammy	Fixed 17.11.2-1
	21.10 impish	Fixed 17.11.2-1
	21.04 hirsute	Fixed 17.11.2-1
	20.10 groovy	Fixed 17.11.2-1
	20.04 LTS focal	Fixed 17.11.2-1
	19.10 eoan	Fixed 17.11.2-1
	19.04 disco	Fixed 17.11.2-1
	18.10 cosmic	Fixed 17.11.2-1
	18.04 LTS bionic	Fixed 17.11.2-1ubuntu0.1
	17.10 artful	Fixed 17.05.2-0ubuntu1.1
	16.04 LTS xenial	Vulnerable
	14.04 LTS trusty	Not in release

Severity score breakdown

Parameter	Value
Base score	6.1 · Medium
Attack vector	Adjacent
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Changed
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CVE-2018-1059

Cvss 3 Severity Score

Description

Status

Severity score breakdown

References

Related Ubuntu Security Notices (USN)

Other references