CVE-2019-3900

high

Description

An infinite loop issue was found in the vhost_net kernel module in the Linux kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, possibly a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

References

https://www.spinics.net/lists/kernel/msg3111012.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900

http://www.securityfocus.com/bid/108076

https://lists.fedoraproject.org/archives/list/[email protected]/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/

https://lists.fedoraproject.org/archives/list/packa[email protected]/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/

https://lists.fedoraproject.org/archives/list/[email protected]/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/

https://security.netapp.com/advisory/ntap-20190517-0005/

https://access.redhat.com/errata/RHSA-2019:1973

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:2029

https://www.debian.org/security/2019/dsa-4497

https://seclists.org/bugtraq/2019/Aug/18

https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html

https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html

https://usn.ubuntu.com/4114-1/

https://usn.ubuntu.com/4117-1/

https://usn.ubuntu.com/4116-1/

https://usn.ubuntu.com/4115-1/

https://usn.ubuntu.com/4118-1/

https://access.redhat.com/errata/RHSA-2019:3220

https://access.redhat.com/errata/RHSA-2019:3517

https://access.redhat.com/errata/RHSA-2019:3309

https://seclists.org/bugtraq/2019/Nov/11

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

https://access.redhat.com/errata/RHSA-2019:3836

https://access.redhat.com/errata/RHSA-2019:3967

https://access.redhat.com/errata/RHSA-2019:4058

https://access.redhat.com/errata/RHSA-2020:0204

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2019-04-25

Updated: 2021-06-14

Type: CWE-835

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 7.7

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 3.1

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere:*:*:*:*:*:*:*:*

cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*

cpe:2.3:a:netapp:virtual_storage_console_for_vmware_vsphere:*:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

Tenable Plugins

47 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153625 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:3206-1) | Nessus | SuSE Local Security Checks | high |
| 153616 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3217-1) | Nessus | SuSE Local Security Checks | high |
| 153582 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0031) | Nessus | OracleVM Local Security Checks | critical |
| 153581 | SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3192-1) | Nessus | SuSE Local Security Checks | high |
| 153557 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9459) | Nessus | Oracle Linux Local Security Checks | critical |
| 148041 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684) | Nessus | Huawei Local Security Checks | high |
| 145665 | CentOS 8 : kernel (CESA-2019:3517) | Nessus | CentOS Local Security Checks | critical |
| 140499 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845) | Nessus | Oracle Linux Local Security Checks | critical |
| 135305 | Photon OS 2.0: Linux PHSA-2020-2.0-0225 | Nessus | PhotonOS Local Security Checks | high |
| 134387 | EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186) | Nessus | Huawei Local Security Checks | critical |
| 134312 | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021) | Nessus | NewStart CGSL Local Security Checks | high |
| 133221 | RHEL 8 : kernel (RHSA-2020:0204) | Nessus | Red Hat Local Security Checks | critical |
| 132495 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253) | Nessus | NewStart CGSL Local Security Checks | high |
| 132474 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247) | Nessus | NewStart CGSL Local Security Checks | high |
| 131675 | RHEL 7 : kernel (RHSA-2019:4058) | Nessus | Red Hat Local Security Checks | high |
| 131375 | RHEL 7 : kernel (RHSA-2019:3967) | Nessus | Red Hat Local Security Checks | high |
| 131227 | Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089) | Nessus | Virtuozzo Local Security Checks | high |
| 131006 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20191113) | Nessus | Scientific Linux Local Security Checks | medium |
| 130993 | Oracle Linux 6 : kernel (ELSA-2019-3836) | Nessus | Oracle Linux Local Security Checks | medium |
| 130978 | CentOS 6 : kernel (CESA-2019:3836) | Nessus | CentOS Local Security Checks | medium |
| 130928 | RHEL 6 : kernel (RHSA-2019:3836) | Nessus | Red Hat Local Security Checks | medium |
| 130751 | Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01) | Nessus | Slackware Local Security Checks | critical |
| 130547 | RHEL 8 : kernel (RHSA-2019:3517) | Nessus | Red Hat Local Security Checks | critical |
| 130526 | RHEL 8 : kernel-rt (RHSA-2019:3309) | Nessus | Red Hat Local Security Checks | critical |
| 130376 | RHEL 7 : kernel (RHSA-2019:3220) | Nessus | Red Hat Local Security Checks | high |
| 129920 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0183) | Nessus | NewStart CGSL Local Security Checks | medium |
| 129900 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0180) | Nessus | NewStart CGSL Local Security Checks | medium |
| 128680 | Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2) | Nessus | Ubuntu Local Security Checks | critical |
| 128651 | CentOS 7 : kernel (CESA-2019:2029) | Nessus | CentOS Local Security Checks | medium |
| 128478 | Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1) | Nessus | Ubuntu Local Security Checks | critical |
| 128477 | Ubuntu 19.04 : linux-aws vulnerabilities (USN-4117-1) | Nessus | Ubuntu Local Security Checks | high |
| 128476 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4116-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128475 | Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1) | Nessus | Ubuntu Local Security Checks | critical |
| 128474 | Ubuntu 18.04 LTS / 19.04 : linux, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, (USN-4114-1) | Nessus | Ubuntu Local Security Checks | medium |
| 128226 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806) | Nessus | Scientific Linux Local Security Checks | medium |
| 127921 | Debian DLA-1885-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | high |
| 127867 | Debian DSA-4497-1 : linux - security update | Nessus | Debian Local Security Checks | high |
| 127866 | Debian DLA-1884-1 : linux security update | Nessus | Debian Local Security Checks | high |
| 127655 | RHEL 7 : kernel-rt (RHSA-2019:2043) | Nessus | Red Hat Local Security Checks | medium |
| 127650 | RHEL 7 : kernel (RHSA-2019:2029) | Nessus | Red Hat Local Security Checks | medium |
| 127643 | RHEL 7 : kernel-alt (RHSA-2019:1973) | Nessus | Red Hat Local Security Checks | high |
| 127060 | Amazon Linux AMI : kernel (ALAS-2019-1232) | Nessus | Amazon Linux Local Security Checks | high |
| 126956 | Amazon Linux 2 : kernel (ALAS-2019-1232) | Nessus | Amazon Linux Local Security Checks | high |
| 125588 | EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636) | Nessus | Huawei Local Security Checks | high |
| 124661 | Fedora 28 : kernel (2019-a6cd583a8d) | Nessus | Fedora Local Security Checks | high |
| 124572 | Fedora 30 : kernel (2019-87d807d7cb) | Nessus | Fedora Local Security Checks | high |
| 124571 | Fedora 29 : kernel (2019-8219efa9f6) | Nessus | Fedora Local Security Checks | high |