Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:2948 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3083 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:3096 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3762-1/ | Third Party Advisory |
https://usn.ubuntu.com/3762-2/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-05-10T22:00:00
Updated: 2018-10-31T09:57:01
Reserved: 2017-12-04T00:00:00
Link: CVE-2018-1118
JSON object: View
NVD Information
Status : Modified
Published: 2018-05-10T22:29:00.260
Modified: 2023-02-13T04:53:18.467
Link: CVE-2018-1118
JSON object: View
Redhat Information
No data.