DEBIAN-CVE-2018-1059

DEBIAN-CVE-2018-1059 PUBLISHED CVSS 6.099999904632568 MEDIUM

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Risk Scores

CVSS v3.0

6.099999904632568

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	dpdk	0, 0, 0
Debian:12	dpdk	0, 0, 0
Debian:11	dpdk	0, 0, 0
Debian:14	dpdk	0, 0, 0

Timeline

Apr 24, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-1059 advisory

Open in Interactive Console →