[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-3900Date: (C)2019-06-19   (M)2024-04-19


An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.7CVSS Score : 6.8
Exploit Score: 3.1Exploit Score: 8.0
Impact Score: 4.0Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: SINGLE
User Interaction: NONEConfidentiality: NONE
Scope: CHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
BID-108076
https://seclists.org/bugtraq/2019/Aug/18
https://seclists.org/bugtraq/2019/Nov/11
DSA-4497
FEDORA-2019-8219efa9f6
FEDORA-2019-87d807d7cb
FEDORA-2019-a6cd583a8d
RHSA-2019:1973
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3220
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019:3836
RHSA-2019:3967
RHSA-2019:4058
RHSA-2020:0204
USN-4114-1
USN-4115-1
USN-4116-1
USN-4117-1
USN-4118-1
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/
https://security.netapp.com/advisory/ntap-20190517-0005/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.spinics.net/lists/kernel/msg3111012.html

CWE    1
CWE-835
OVAL    40
oval:org.secpod.oval:def:89048277
oval:org.secpod.oval:def:89047022
oval:org.secpod.oval:def:89046982
oval:org.secpod.oval:def:1505597
...

© SecPod Technologies