CVE-2019-3900
moderate-risk
Published 2019-04-25
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Do I need to act?
-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.7/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Active Iq Unified Manager For Vmware Vsphere
Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere
Virtual Storage Console For Vmware Vsphere
References (58)
Third Party Advisory
http://www.securityfocus.com/bid/108076
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1973
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2029
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3220
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3836
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3967
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4058
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
Mailing List
https://seclists.org/bugtraq/2019/Aug/18
Mailing List
https://seclists.org/bugtraq/2019/Nov/11
and 38 more references
48
/ 100
moderate-risk
Severity
27/34 · High
Exploitability
1/34 · Minimal
Exposure
20/34 · Moderate