QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3900

Published: Apr 25, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

6.3

MEDIUM

Description

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Vendor	Product	Versions
Red Hat	Kernel	affected `affects up to and including v5.1-rc6`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

References

vdb-entry

x_refsource_BID

FEDORA-2019-87d807d7cb

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-8219efa9f6

vendor-advisory

x_refsource_FEDORA

FEDORA-2019-a6cd583a8d

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

20190813 [SECURITY] [DSA 4497-1] linux security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://security.netapp.com/advisory/ntap-20190517-0005/

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900

x_refsource_CONFIRM

https://www.spinics.net/lists/kernel/msg3111012.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.