CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Published: Apr 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-3900
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	29	29.x
fedoraproject / fedora	30	30.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
debian / debian_linux	8.0	8.0.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.04	19.04.x
netapp / vasa_provider_for_clustered_data_ontap	7.2	7.2.x
netapp / active_iq_unified_manager_for_vmware_vsphere	9.5	9.5.x
netapp / virtual_storage_console_for_vmware_vsphere	7.2	7.2.x
netapp / storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere	7.2	7.2.x
oracle / sd-wan_edge	8.2	8.2.x
linux / linux_kernel	4.10	4.14.133
linux / linux_kernel	4.20	5.2
linux / linux_kernel	4.5	4.9.190
linux / linux_kernel	3.17	4.4.191
linux / linux_kernel	4.15	4.19.64
linux / linux_kernel	2.6.34	3.16.72
fedoraproject / fedora	28	28.x

Vulnerability Database

289,599

CVE-2019-3900