Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3762-2/ | Third Party Advisory |
https://usn.ubuntu.com/3762-1/ | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3096 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3083 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:2948 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2018-05-10 15:29
Updated : 2023-02-12 20:53
NVD link : CVE-2018-1118
Mitre link : CVE-2018-1118
JSON object : View
CWE
CWE-665
Improper Initialization
Products Affected
redhat
- enterprise_linux_desktop
- enterprise_linux_workstation
- virtualization_host
- enterprise_linux_server
canonical
- ubuntu_linux
linux
- linux_kernel
debian
- debian_linux