Bug 1698757 (CVE-2019-3900) - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
Summary: CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads ...
Status: NEW
Alias: CVE-2019-3900
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20190425,repo...
Keywords: Security
Depends On: 1702941 1702942 1702943 1702944 1702945 1702946 1702947 1702948 1702949 1702950 1702940
Blocks: 1698754
TreeView+ depends on / blocked
 
Reported: 2019-04-11 07:58 UTC by Andrej Nemec
Modified: 2019-06-08 23:57 UTC (History)
44 users (show)

(edit)
An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)

Description Andrej Nemec 2019-04-11 07:58:29 UTC
An infinite loop issue was found in the vhost_net kernel module, while handling
incoming packets in handle_rx(). It could occur if one end sends packets faster
than the other end can process them.

A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel
thread, resulting in a DoS scenario.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kernel/msg3111012.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/04/25/2

Comment 2 Prasad J Pandit 2019-04-22 07:42:38 UTC
Acknowledgments:

Name: Jason Wang (Red Hat Inc.)

Comment 3 Prasad J Pandit 2019-04-25 09:01:22 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1702940]

Comment 6 Fedora Update System 2019-05-07 04:50:08 UTC
kernel-5.0.11-100.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Eric Christensen 2019-05-08 13:38:20 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.

This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.


Note You need to log in before you can comment on or make changes to this bug.