Bug 1698757 (CVE-2019-3900) - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS
Status: CLOSED ERRATA
Alias: CVE-2019-3900
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1702940 1702941 1702942 1702943 1702944 1702945 1702946 1702947 1702948 1702949 1702950 1738494 1759703 1759704 1759705 1759706
Blocks: 1698754
Reported: 2019-04-11 07:58 UTC by Andrej Nemec
Modified: 2023-03-24 14:43 UTC

Doc Type: Bug Fix
Doc Text:
An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Last Closed: 2019-07-30 19:18:20 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1973 0 None None None 2019-07-30 13:17:24 UTC
Red Hat Product Errata RHSA-2019:2029 0 None None None 2019-08-06 12:04:41 UTC
Red Hat Product Errata RHSA-2019:2043 0 None None None 2019-08-06 12:07:05 UTC
Red Hat Product Errata RHSA-2019:3220 0 None None None 2019-10-29 13:12:03 UTC
Red Hat Product Errata RHSA-2019:3309 0 None None None 2019-11-05 20:35:22 UTC
Red Hat Product Errata RHSA-2019:3517 0 None None None 2019-11-05 21:06:04 UTC
Red Hat Product Errata RHSA-2019:3836 0 None None None 2019-11-12 20:57:08 UTC
Red Hat Product Errata RHSA-2019:3967 0 None None None 2019-11-26 11:52:44 UTC
Red Hat Product Errata RHSA-2019:4058 0 None None None 2019-12-03 08:26:01 UTC
Red Hat Product Errata RHSA-2020:0204 0 None None None 2020-01-22 21:24:52 UTC

Description Andrej Nemec 2019-04-11 07:58:29 UTC
An infinite loop issue was found in the vhost_net kernel module, while handling
incoming packets in handle_rx(). It could occur if one end sends packets faster
than the other end can process them.

A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel
thread, resulting in a DoS scenario.

Upstream patch:
---------------
  -> https://www.spinics.net/lists/kernel/msg3111012.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/04/25/2

Comment 2 Prasad Pandit 2019-04-22 07:42:38 UTC
Acknowledgments:

Name: Jason Wang (Red Hat Inc.)

Comment 3 Prasad Pandit 2019-04-25 09:01:22 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1702940]

Comment 6 Fedora Update System 2019-05-07 04:50:08 UTC
kernel-5.0.11-100.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Eric Christensen 2019-05-08 13:38:20 UTC
Statement:

This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.

This issue affects the version of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.

Comment 8 errata-xmlrpc 2019-07-30 13:17:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:1973 https://access.redhat.com/errata/RHSA-2019:1973

Comment 9 Product Security DevOps Team 2019-07-30 19:18:20 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-3900

Comment 10 errata-xmlrpc 2019-08-06 12:04:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2029

Comment 11 errata-xmlrpc 2019-08-06 12:07:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019:2043

Comment 14 errata-xmlrpc 2019-10-29 13:12:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2019:3220 https://access.redhat.com/errata/RHSA-2019:3220

Comment 16 errata-xmlrpc 2019-11-05 20:35:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309

Comment 17 errata-xmlrpc 2019-11-05 21:06:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517

Comment 18 errata-xmlrpc 2019-11-12 20:57:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2019:3836 https://access.redhat.com/errata/RHSA-2019:3836

Comment 20 errata-xmlrpc 2019-11-26 11:52:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:3967

Comment 21 errata-xmlrpc 2019-12-03 08:25:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support
  Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.4 Telco Extended Update Support

Via RHSA-2019:4058 https://access.redhat.com/errata/RHSA-2019:4058

Comment 22 errata-xmlrpc 2020-01-22 21:26:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
