Lucene search

K
nvd[email protected]NVD:CVE-2019-3900
HistoryApr 25, 2019 - 3:29 p.m.

CVE-2019-3900

2019-04-2515:29:00
CWE-835
web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.6.343.16.72
OR
linuxlinux_kernelRange3.174.4.191
OR
linuxlinux_kernelRange4.54.9.190
OR
linuxlinux_kernelRange4.104.14.133
OR
linuxlinux_kernelRange4.154.19.64
OR
linuxlinux_kernelRange4.205.2
Node
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30
Node
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
canonicalubuntu_linuxMatch16.04lts
OR
canonicalubuntu_linuxMatch18.04lts
OR
canonicalubuntu_linuxMatch19.04
Node
netappactive_iq_unified_manager_for_vmware_vsphereRange9.5
OR
netapphci_management_nodeMatch-
OR
netappsnapprotectMatch-
OR
netappsolidfireMatch-
OR
netappstorage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphereRange7.2
OR
netappvasa_provider_for_clustered_data_ontapRange7.2
OR
netappvirtual_storage_console_for_vmware_vsphereRange7.2
Node
netappcn1610Match-
AND
netappcn1610_firmwareMatch-
Node
oraclesd-wan_edgeMatch8.2
Node
fedoraprojectfedoraMatch28
OR
fedoraprojectfedoraMatch29
OR
fedoraprojectfedoraMatch30

References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%