Red Hat Bugzilla – Bug 1295480
kernel: net: ethernet flow control vulnerability in SRIOV devices
Last modified: 2018-02-13 14:53:20 EST
A design flaw found in the current Ethernet SRIOV NIC deployments that enables untrusted malicious virtual machines to completely control the network throughput and the latency of other unrelated VMs. The attack exploits Ethernet "pause" control frames, which enable network flow control functionality.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1295482]
Created attachment 1177348 [details]
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
is this cve for real ? it does not look in scope
(In reply to Marcus Meissner from comment #5)
> is this cve for real ? it does not look in scope
Yes, it's in DWF scope.