CVE-2019-3900
Severity
7.7HIGH
EPSS
0.2%
top 57.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 25
Latest updateMay 24
Description
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0
Affected Packages8 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.04, Enterprise Linux 6.0, 7.0, Fedora 28, 29, 30