Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Network
0

CVE-2019-3900

Disclosure Date: April 25, 2019
CVE-2019-3900 CVSS v3 Base Score: 7.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.7 High
Impact Score:
4
Exploitability Score:
3.1
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Kernel affects up to and including v5.1-rc6
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • linux,
  • netapp,
  • oracle,
  • redhat

Products

  • active iq unified manager for vmware vsphere,
  • cn1610 firmware -,
  • debian linux 10.0,
  • debian linux 8.0,
  • debian linux 9.0,
  • enterprise linux 6.0,
  • enterprise linux 7.0,
  • fedora 28,
  • fedora 29,
  • fedora 30,
  • hci management node -,
  • linux kernel,
  • sd-wan edge 8.2,
  • snapprotect -,
  • solidfire -,
  • storage replication adapter for clustered data ontap for vmware vsphere,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 19.04,
  • vasa provider for clustered data ontap,
  • virtual storage console for vmware vsphere

References

Canonical
CVE-2019-3900 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900)
BID-108076 (http://www.securityfocus.com/bid/108076)
Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900
https://www.spinics.net/lists/kernel/msg3111012.html
FEDORA-2019-87d807d7cb (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT)
FEDORA-2019-8219efa9f6 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD)
FEDORA-2019-a6cd583a8d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R)
https://security.netapp.com/advisory/ntap-20190517-0005
https://access.redhat.com/errata/RHSA-2019:1973
https://access.redhat.com/errata/RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2029
20190813 [SECURITY] [DSA 4497-1] linux security update (https://seclists.org/bugtraq/2019/Aug/18)
[debian-lts-announce] 20190814 [SECURITY] [DLA 1884-1] linux security update (https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html)
[debian-lts-announce] 20190814 [SECURITY] [DLA 1885-1] linux-4.9 security update (https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html)
USN-4117-1 (https://usn.ubuntu.com/4117-1)
USN-4114-1 (https://usn.ubuntu.com/4114-1)
USN-4115-1 (https://usn.ubuntu.com/4115-1)
USN-4116-1 (https://usn.ubuntu.com/4116-1)
USN-4118-1 (https://usn.ubuntu.com/4118-1)
https://access.redhat.com/errata/RHSA-2019:3220
https://access.redhat.com/errata/RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3517
20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01) (https://seclists.org/bugtraq/2019/Nov/11)
https://access.redhat.com/errata/RHSA-2019:3836
https://access.redhat.com/errata/RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:4058
https://access.redhat.com/errata/RHSA-2020:0204
FEDORA-2019-87d807d7cb (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/)
FEDORA-2019-8219efa9f6 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/)
FEDORA-2019-a6cd583a8d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/)
https://security.netapp.com/advisory/ntap-20190517-0005/
USN-4117-1 (https://usn.ubuntu.com/4117-1/)
USN-4114-1 (https://usn.ubuntu.com/4114-1/)
USN-4115-1 (https://usn.ubuntu.com/4115-1/)
USN-4116-1 (https://usn.ubuntu.com/4116-1/)
USN-4118-1 (https://usn.ubuntu.com/4118-1/)
Miscellaneous
https://www.debian.org/security/2019/dsa-4497
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://access.redhat.com/security/cve/CVE-2019-3900
https://bugzilla.redhat.com/show_bug.cgi?id=1698757
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis