|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-1118
|Vulnerable software versions||
Linux kernel 4.8.0
Linux kernel 4.8.1
Linux kernel 4.8.2
|Vendor URL||Linux Foundation|
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists in the vhost/vhost.c:vhost_new_msg() function due to improper initialization of memory in messages that are passed between virtual guests and the host operating system. A local attacker can read from the /dev/vhost-net device file and read sensitive kernel memory information.
Cybersecurity is currently unaware of any solutions addressing the vulnerability.External links