CVE-2019-3900

HIGHScheduled

Published:Apr 25, 2019(7 years ago)

Modified:Nov 21, 2024

Remote ExploitNo InteractionScope ChangesLow Complexity

Vulnerability Description

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Attack Characteristics

Network AccessLow ComplexityLow PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
linux	linux_kernel	2.6.34 - 3.16.72	-
linux	linux_kernel	3.17 - 4.4.191	-
linux	linux_kernel	4.5 - 4.9.190

Timeline

Published
CVE disclosed publicly
Apr 25, 20197 years ago
Last Modified
Most recent update
Nov 21, 20241 year ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisor...Patch
http://www.securityfocus.com/bid/108076Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1973Third Party Advisory

CVSS Score

v3.1

7.7/ 10.0

HIGH

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

At a Glance

Affected Products

References

linux / linux_kernel

https://access.redhat.com/errata/RHSA-2019:2029Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2043Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3220Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3309Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3517Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3836Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3967Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4058Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0204Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900Issue Tracking

https://lists.debian.org/debian-lts-announce/2019/08/msg00016.htmlMailing List

https://lists.debian.org/debian-lts-announce/2019/08/msg00017.htmlMailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists...Mailing List

https://seclists.org/bugtraq/2019/Aug/18Mailing List

https://seclists.org/bugtraq/2019/Nov/11Mailing List

https://security.netapp.com/advisory/ntap-20190517-0005/Third Party Advisory

https://usn.ubuntu.com/4114-1/Third Party Advisory

https://usn.ubuntu.com/4115-1/Third Party Advisory

https://usn.ubuntu.com/4116-1/Third Party Advisory

https://usn.ubuntu.com/4117-1/Third Party Advisory

https://usn.ubuntu.com/4118-1/Third Party Advisory

https://www.debian.org/security/2019/dsa-4497Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory

https://www.spinics.net/lists/kernel/msg3111012.htmlPatch

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisor...Patch

http://www.securityfocus.com/bid/108076Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1973Third Party Advisory