Note:
This project will be discontinued after December 13, 2021. [more]
2018-05-10
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
| Products | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization_host |
| Type | Improper Initialization (CWE-665) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://access.redhat.com/errata/RHSA-2018:2948
• https://access.redhat.com/errata/RHSA-2018:3083 • https://access.redhat.com/errata/RHSA-2018:3096 • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 • https://usn.ubuntu.com/3762-1/ |