CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
51.6%
The DPDK vhost-user interface does not check to verify that all the
requested guest physical range is mapped and contiguous when performing
Guest Physical Addresses to Host Virtual Addresses translations. This may
lead to a malicious guest exposing vhost-user backend process memory. All
versions before 18.02.1 are vulnerable.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | dpdk | < 17.05.2-0ubuntu1.1 | UNKNOWN |
ubuntu | 18.04 | noarch | dpdk | < 17.11.2-1ubuntu0.1 | UNKNOWN |
ubuntu | 18.10 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 19.04 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 19.10 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 20.04 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 20.10 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 21.04 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 21.10 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
ubuntu | 22.04 | noarch | dpdk | < 17.11.2-1 | UNKNOWN |
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS
Percentile
51.6%