CVE-2018-1059 - Information Exposure vulnerability in multiple products

CVSS 6.1 - MEDIUM

  • Attack vector: ADJACENT_NETWORK
  • Attack complexity: HIGH
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: high complexity, canonical, redhat, dpdk, CWE-200, nessus

Summary

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Vulnerable Configurations

Part         Description  Count
OS           Canonical    2
OS           Redhat       1
Application  Redhat       11
Application  Dpdk         41

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-1492-1.NASL
    description: This update fixes the following issues : - CVE-2018-1059: The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. (bsc#1089638). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 110310
    published: 2018-06-04
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110310
    title: SUSE SLES12 Security Update : dpdk-thunderxdpdk (SUSE-SU-2018:1492-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:1492-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110310);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/10 13:51:47");
    
      script_cve_id("CVE-2018-1059");
    
      script_name(english:"SUSE SLES12 Security Update : dpdk-thunderxdpdk (SUSE-SU-2018:1492-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following issues :
    
      - CVE-2018-1059: The DPDK vhost-user interface does not
        check to verify that all the requested guest physical
        range is mapped and contiguous when performing Guest
        Physical Addresses to Host Virtual Addresses
        translations. This may lead to a malicious guest
        exposing vhost-user backend process memory. All versions
        before 18.02.1 are vulnerable. (bsc#1089638).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1059/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20181492-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?8808a6ca"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-1017=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-1017=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-16.11.6-8.4.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-debuginfo-16.11.6-8.4.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-debugsource-16.11.6-8.4.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-tools-16.11.6-8.4.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-kmp-default-16.11.6_k4.4.126_94.22-8.4.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-kmp-default-debuginfo-16.11.6_k4.4.126_94.22-8.4.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk-thunderxdpdk");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-3923-1.NASL
    description: This update for dpdk to version 16.11.8 provides the following security fix : CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application (ovs-dpdk) memory which could have lead all VM to lose connectivity (bsc#1089638) and following non-security fixes: Enable the broadcom chipset family Broadcom NetXtreme II BCM57810 (bsc#1073363) Fix a latency problem by using cond_resched rather than schedule_timeout_interruptible (bsc#1069601) Fix a syntax error affecting csh environment configuration (bsc#1102310) Fixes in net/bnxt : - Fix HW Tx checksum offload check - Fix incorrect IO address handling in Tx - Fix Rx ring count limitation - Check access denied for HWRM commands - Fix RETA size - Fix close operation Fixes in eal/linux : - Fix an invalid syntax in interrupts - Fix return codes on thread naming failure Fixes in kni : - Fix crash with null name - Fix build with gcc 8.1 Fixes in net/thunderx : - Fix build with gcc optimization on - Avoid sq door bell write on zero packet net/bonding: Fix MAC address reset vhost: Fix missing increment of log cache count Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 119283
    published: 2018-11-29
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119283
    title: SUSE SLES12 Security Update : dpdk (SUSE-SU-2018:3923-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3923-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119283);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/24");
    
      script_cve_id("CVE-2018-1059");
    
      script_name(english:"SUSE SLES12 Security Update : dpdk (SUSE-SU-2018:3923-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for dpdk to version 16.11.8 provides the following
    security fix :
    
    CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt
    host application (ovs-dpdk) memory which could have lead all VM to
    lose connectivity (bsc#1089638)
    
    and following non-security fixes: Enable the broadcom chipset family
    Broadcom NetXtreme II BCM57810 (bsc#1073363)
    
    Fix a latency problem by using cond_resched rather than
    schedule_timeout_interruptible (bsc#1069601)
    
    Fix a syntax error affecting csh environment configuration
    (bsc#1102310)
    
    Fixes in net/bnxt :
    
      - Fix HW Tx checksum offload check
    
      - Fix incorrect IO address handling in Tx
    
      - Fix Rx ring count limitation
    
      - Check access denied for HWRM commands
    
      - Fix RETA size
    
      - Fix close operation
    
    Fixes in eal/linux :
    
      - Fix an invalid syntax in interrupts
    
      - Fix return codes on thread naming failure
    
    Fixes in kni :
    
      - Fix crash with null name
    
      - Fix build with gcc 8.1
    
    Fixes in net/thunderx :
    
      - Fix build with gcc optimization on
    
      - Avoid sq door bell write on zero packet
    
    net/bonding: Fix MAC address reset
    
    vhost: Fix missing increment of log cache count
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1073363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1089638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1059/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183923-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6889f865"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2018-2795=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2795=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:dpdk-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-16.11.8-8.10.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-debuginfo-16.11.8-8.10.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-debugsource-16.11.8-8.10.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-tools-16.11.8-8.10.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-kmp-default-16.11.8_k4.4.156_94.64-8.10.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"dpdk-kmp-default-debuginfo-16.11.8_k4.4.156_94.64-8.10.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-2038.NASL
    description: An update for DPDK is now available for Extras for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space. Security Fix(es) : * dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Maxime Coquelin (Red Hat).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 110716
    published: 2018-06-27
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110716
    title: RHEL 7 : dpdk (RHSA-2018:2038)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:2038. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110716);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/24 15:35:45");
    
      script_cve_id("CVE-2018-1059");
      script_xref(name:"RHSA", value:"2018:2038");
    
      script_name(english:"RHEL 7 : dpdk (RHSA-2018:2038)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for DPDK is now available for Extras for Red Hat Enterprise
    Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The dpdk packages provide the Data Plane Development Kit, which is a
    set of libraries and drivers for fast packet processing in the user
    space.
    
    Security Fix(es) :
    
    * dpdk: Information exposure in unchecked guest physical to host
    virtual address translations (CVE-2018-1059)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    This issue was discovered by Maxime Coquelin (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2018:2038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1059"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dpdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dpdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dpdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dpdk-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dpdk-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2018:2038";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"dpdk-17.11-11.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"dpdk-debuginfo-17.11-11.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"dpdk-devel-17.11-11.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"dpdk-doc-17.11-11.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"dpdk-tools-17.11-11.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk / dpdk-debuginfo / dpdk-devel / dpdk-doc / dpdk-tools");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-1484.NASL
    description: This update for dpdk to version 16.11.8 provides the following security fix : - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application (ovs-dpdk) memory which could have lead all VM to lose connectivity (bsc#1089638) and following non-security fixes : - Enable the broadcom chipset family Broadcom NetXtreme II BCM57810 (bsc#1073363) - Fix a latency problem by using cond_resched rather than schedule_timeout_interruptible (bsc#1069601) - Fix a syntax error affecting csh environment configuration (bsc#1102310) - Fixes in net/bnxt : - Fix HW Tx checksum offload check - Fix incorrect IO address handling in Tx - Fix Rx ring count limitation - Check access denied for HWRM commands - Fix RETA size - Fix close operation - Fixes in eal/linux : - Fix an invalid syntax in interrupts - Fix return codes on thread naming failure - Fixes in kni : - Fix crash with null name - Fix build with gcc 8.1 - Fixes in net/thunderx : - Fix build with gcc optimization on - Avoid sq door bell write on zero packet - net/bonding: Fix MAC address reset - vhost: Fix missing increment of log cache count This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen: 2020-06-05
    modified: 2018-12-07
    plugin id: 119492
    published: 2018-12-07
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119492
    title: openSUSE Security Update : dpdk (openSUSE-2018-1484)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1484.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119492);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-1059");
    
      script_name(english:"openSUSE Security Update : dpdk (openSUSE-2018-1484)");
      script_summary(english:"Check for the openSUSE-2018-1484 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for dpdk to version 16.11.8 provides the following
    security fix :
    
      - CVE-2018-1059: restrict untrusted guest to misuse virtio
        to corrupt host application (ovs-dpdk) memory which
        could have lead all VM to lose connectivity
        (bsc#1089638)
    
    and following non-security fixes :
    
      - Enable the broadcom chipset family Broadcom NetXtreme II
        BCM57810 (bsc#1073363)
    
      - Fix a latency problem by using cond_resched rather than
        schedule_timeout_interruptible (bsc#1069601)
    
      - Fix a syntax error affecting csh environment
        configuration (bsc#1102310)
    
      - Fixes in net/bnxt :
    
      - Fix HW Tx checksum offload check
    
      - Fix incorrect IO address handling in Tx
    
      - Fix Rx ring count limitation
    
      - Check access denied for HWRM commands
    
      - Fix RETA size
    
      - Fix close operation
    
      - Fixes in eal/linux :
    
      - Fix an invalid syntax in interrupts
    
      - Fix return codes on thread naming failure
    
      - Fixes in kni :
    
      - Fix crash with null name
    
      - Fix build with gcc 8.1
    
      - Fixes in net/thunderx :
    
      - Fix build with gcc optimization on
    
      - Avoid sq door bell write on zero packet
    
      - net/bonding: Fix MAC address reset
    
      - vhost: Fix missing increment of log cache count
    
    This update was imported from the SUSE:SLE-12-SP3:Update update
    project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069601"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1102310"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dpdk packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-examples-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/12/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-debuginfo-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-debugsource-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-devel-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-devel-debuginfo-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-examples-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-examples-debuginfo-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-tools-16.11.8-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"dpdk-kmp-default-16.11.8_k4.4.162_78-6.8.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"dpdk-kmp-default-debuginfo-16.11.8_k4.4.162_78-6.8.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk / dpdk-debuginfo / dpdk-debugsource / dpdk-devel / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2018-558.NASL
    description: This update fixes the following issues : - CVE-2018-1059: The DPDK vhost-user interface did not check to verify that all the requested guest physical range was mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may have led to a malicious guest exposing vhost-user backend process memory (bsc#1089638). This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen: 2020-06-05
    modified: 2018-06-06
    plugin id: 110336
    published: 2018-06-06
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110336
    title: openSUSE Security Update : dpdk-thunderxdpdk (openSUSE-2018-558)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-558.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110336);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-1059");
    
      script_name(english:"openSUSE Security Update : dpdk-thunderxdpdk (openSUSE-2018-558)");
      script_summary(english:"Check for the openSUSE-2018-558 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following issues :
    
      - CVE-2018-1059: The DPDK vhost-user interface did not
        check to verify that all the requested guest physical
        range was mapped and contiguous when performing Guest
        Physical Addresses to Host Virtual Addresses
        translations. This may have lead to a malicious guest
        exposing vhost-user backend process memory
        (bsc#1089638). This update was imported from the
        SUSE:SLE-12-SP3:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1089638"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected dpdk-thunderxdpdk packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-examples-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dpdk-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-debuginfo-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-debugsource-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-devel-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-devel-debuginfo-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-examples-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-examples-debuginfo-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"dpdk-tools-16.11.6-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"dpdk-kmp-default-16.11.6_k4.4.132_53-6.5.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"dpdk-kmp-default-debuginfo-16.11.6_k4.4.132_53-6.5.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk / dpdk-debuginfo / dpdk-debugsource / dpdk-devel / etc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3642-2.NASL
    description: USN-3642-1 fixed a vulnerability in DPDK. This update provides the corresponding update for Ubuntu 17.10. Original advisory details : Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 109892
    published: 2018-05-17
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109892
    title: Ubuntu 17.10 : dpdk vulnerability (USN-3642-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3642-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109892);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2018-1059");
      script_xref(name:"USN", value:"3642-2");
    
      script_name(english:"Ubuntu 17.10 : dpdk vulnerability (USN-3642-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3642-1 fixed a vulnerability in DPDK. This update provides the
    corresponding update for Ubuntu 17.10.
    
    Original advisory details :
    
    Maxime Coquelin discovered that DPDK incorrectly handled guest
    physical ranges. A malicious guest could use this issue to possibly
    access sensitive information.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3642-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected dpdk package.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dpdk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"17.10", pkgname:"dpdk", pkgver:"17.05.2-0ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dpdk");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-1267.NASL
    description: An update for openvswitch is now available for Fast Datapath for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 24 July 2018] This advisory has been updated to provide the openvswitch packages also for the IBM POWER, little endian architecture. Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Security Fix(es) : * dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Maxime Coquelin (Red Hat). Bug Fix(es) : * The openvswitch packages have been upgraded to upstream version 2.9.0, which provides a number of bug fixes and enhancements over the previous version. (BZ#1560628)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 109441
    published: 2018-05-01
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109441
    title: RHEL 7 : openvswitch (RHSA-2018:1267)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3642-1.NASL
    description: Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 109680
    published: 2018-05-10
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109680
    title: Ubuntu 18.04 LTS : dpdk vulnerability (USN-3642-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-2C965ABB15.NASL
    description: Update to latest 17.11 LTS (fixes bz 1571352) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2019-01-03
    plugin id: 120319
    published: 2019-01-03
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/120319
    title: Fedora 28 : 2:dpdk (2018-2c965abb15)

Redhat

advisories
  • rhsa
    id: RHSA-2018:1267
  • rhsa
    id: RHSA-2018:2038
  • rhsa
    id: RHSA-2018:2102
  • rhsa
    id: RHSA-2018:2524
rpms
  • openvswitch-0:2.9.0-19.el7fdp
  • openvswitch-debuginfo-0:2.9.0-19.el7fdp
  • openvswitch-devel-0:2.9.0-19.el7fdp
  • openvswitch-ovn-central-0:2.9.0-19.el7fdp
  • openvswitch-ovn-common-0:2.9.0-19.el7fdp
  • openvswitch-ovn-host-0:2.9.0-19.el7fdp
  • openvswitch-ovn-vtep-0:2.9.0-19.el7fdp
  • openvswitch-test-0:2.9.0-19.el7fdp
  • python-openvswitch-0:2.9.0-19.el7fdp
  • dpdk-0:17.11-11.el7
  • dpdk-debuginfo-0:17.11-11.el7
  • dpdk-devel-0:17.11-11.el7
  • dpdk-doc-0:17.11-11.el7
  • dpdk-tools-0:17.11-11.el7
  • openstack-selinux-0:0.8.14-5.el7ost
  • openvswitch-0:2.9.0-19.el7fdp.1
  • openvswitch-debuginfo-0:2.9.0-19.el7fdp.1
  • openvswitch-devel-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-central-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-common-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-host-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-vtep-0:2.9.0-19.el7fdp.1
  • openvswitch-test-0:2.9.0-19.el7fdp.1
  • python-openvswitch-0:2.9.0-19.el7fdp.1
  • openvswitch-0:2.9.0-19.el7fdp.1
  • openvswitch-debuginfo-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-central-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-common-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-host-0:2.9.0-19.el7fdp.1
  • openvswitch-ovn-vtep-0:2.9.0-19.el7fdp.1
  • openvswitch-test-0:2.9.0-19.el7fdp.1
  • python-openvswitch-0:2.9.0-19.el7fdp.1