CVE-2014-0055

MEDIUM

Description

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

References

http://rhn.redhat.com/errata/RHSA-2014-0328.html

http://rhn.redhat.com/errata/RHSA-2014-0339.html

http://secunia.com/advisories/59386

http://www.securityfocus.com/bid/66441

https://bugzilla.redhat.com/show_bug.cgi?id=1062577

Details

Source: MITRE

Published: 2014-03-26

Updated: 2019-04-22

Risk Information

CVSS v2.0

Base Score: 5.5

Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 5.1

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
127146NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)NessusNewStart CGSL Local Security Checks
critical
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
83633SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1105-1)NessusSuSE Local Security Checks
high
79003RHEL 6 : rhev-hypervisor6 (RHSA-2014:0339)NessusRed Hat Local Security Checks
medium
78271Amazon Linux AMI : kernel (ALAS-2014-328)NessusAmazon Linux Local Security Checks
critical
76557SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)NessusSuSE Local Security Checks
critical
76342openSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)NessusSuSE Local Security Checks
high
76228openSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)NessusSuSE Local Security Checks
high
74356Ubuntu 12.04 LTS : linux vulnerabilities (USN-2235-1)NessusUbuntu Local Security Checks
high
74215Ubuntu 13.10 : linux vulnerabilities (USN-2228-1)NessusUbuntu Local Security Checks
critical
74213Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2225-1)NessusUbuntu Local Security Checks
critical
74212Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2224-1)NessusUbuntu Local Security Checks
critical
74211Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)NessusUbuntu Local Security Checks
critical
74101Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)NessusOracle Linux Local Security Checks
critical
73428Fedora 19 : kernel-3.13.9-100.fc19 (2014-4849)NessusFedora Local Security Checks
medium
73367Fedora 20 : kernel-3.13.8-200.fc20 (2014-4675)NessusFedora Local Security Checks
medium
73222Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3015)NessusOracle Linux Local Security Checks
critical
73221Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3014)NessusOracle Linux Local Security Checks
critical
73200Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140325)NessusScientific Linux Local Security Checks
high
73198RHEL 6 : kernel (RHSA-2014:0328)NessusRed Hat Local Security Checks
high
73196Oracle Linux 6 : kernel (ELSA-2014-0328)NessusOracle Linux Local Security Checks
high
73191CentOS 6 : kernel (CESA-2014:0328)NessusCentOS Local Security Checks
high