CVE-2019-3900

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

CVSS v3 7.7 HIGH
CVSS v2.0 6.8 MEDIUM

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	Patch Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/108076	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:1973	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2029	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3220	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3836	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3967	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4058	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/
https://seclists.org/bugtraq/2019/Aug/18	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/11	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20190517-0005/	Third Party Advisory
https://usn.ubuntu.com/4114-1/	Third Party Advisory
https://usn.ubuntu.com/4115-1/	Third Party Advisory
https://usn.ubuntu.com/4116-1/	Third Party Advisory
https://usn.ubuntu.com/4117-1/	Third Party Advisory
https://usn.ubuntu.com/4118-1/	Third Party Advisory
https://www.debian.org/security/2019/dsa-4497	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Third Party Advisory
https://www.spinics.net/lists/kernel/msg3111012.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.1:rc6::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere::::::::
	cpe:2.3:a:netapp:hci_management_node:-:::::::*
	cpe:2.3:a:netapp:snapprotect:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere::::::::
	cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap::::::::
	cpe:2.3:a:netapp:virtual_storage_console_for_vmware_vsphere::::::::

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Configuration 8 (hide)

cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*

History

12 Feb 2023, 23:38

Type	Values Removed	Values Added
References	~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1698757', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1698757', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2019-3900', 'name': 'https://access.redhat.com/security/cve/CVE-2019-3900', 'tags': [], 'refsource': 'MISC'}~~
Summary	An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.	An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

02 Feb 2023, 21:19

Type	Values Removed	Values Added
Summary	An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.	An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/', 'name': 'FEDORA-2019-87d807d7cb', 'tags': ['Mailing List', 'Release Notes', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/', 'name': 'FEDORA-2019-a6cd583a8d', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/', 'name': 'FEDORA-2019-8219efa9f6', 'tags': ['Mailing List', 'Release Notes', 'Third Party Advisory'], 'refsource': 'FEDORA'}	(MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/ - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1698757 - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/ - (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/ - (MISC) https://access.redhat.com/security/cve/CVE-2019-3900 -

15 Dec 2021, 15:41

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oracle:sd-wan_edge:8.2:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory

14 Jun 2021, 18:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuApr2021.html -

Information

Published : 2019-04-25 15:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-3900

Mitre link : CVE-2019-3900

CVE.ORG link : CVE-2019-3900

JSON object : View

Products Affected

netapp

vasa_provider_for_clustered_data_ontap
snapprotect
virtual_storage_console_for_vmware_vsphere
solidfire
hci_management_node
active_iq_unified_manager_for_vmware_vsphere
cn1610
cn1610_firmware
storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere

debian

debian_linux

redhat

enterprise_linux

linux

linux_kernel

oracle

sd-wan_edge

canonical

ubuntu_linux

fedoraproject

fedora

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

7.7 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2019-3900

7.7^/10

6.8^/10

Attach tags to `CVE-2019-3900`