CVE-2014-0055 — Linux vulnerability

14 documents8 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 45.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedMar 26

Latest updateMay 14

Description

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

CVSS vector

AV:A/AC:L/C:N/I:N/A:CExploitability: 5.1 | Impact: 6.9

Affected Packages2 packages

▶Debianlinux/linux_kernel< 3.13.10-1+3

▶debiandebian/linux< linux 3.13.10-1 (bookworm)

Also affects: Enterprise Linux 6.0

🔴Vulnerability Details

GHSA

GHSA-gxfq-q7c4-j95v: The get_rx_bufs function in drivers/vhost/net↗2022-05-14

▶

Kernel

vhost: validate vhost_get_vq_desc return value↗2014-03-27

▶

OSV

CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net↗2014-03-26

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2014-06-05

▶

Ubuntu

Linux kernel vulnerabilities↗2014-06-05

▶

Ubuntu

Linux kernel (Saucy HWE) vulnerabilities↗2014-05-27

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2014-05-27

▶

Ubuntu

Linux kernel vulnerabilities↗2014-05-27

▶

💬Community

Bugzilla

CVE-2014-0055 kernel: vhost-net: insufficient handling of error conditions in get_rx_bufs() [fedora-all]↗2014-03-27

▶

Bugzilla

CVE-2014-0055 kernel: vhost-net: insufficient handling of error conditions in get_rx_bufs()↗2014-02-07

▶