Vulnerability Name:

CVE-2019-3900 (CCN-160135)

Assigned:2019-04-25
Published:2019-04-25
Updated:2023-02-12
Summary:An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
CVSS v3 Severity:7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H)
5.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-835
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2019-3900

Source: secalert@redhat.com
Type: Patch, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20193900-dos(160135)

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List, Thu, 25 Apr 2019 14:39:18 +0530 (IST)
CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 1284100 (Vyatta 5600)
Vyatta 5600 vRouter Software Patches - Release 1801-ze

Source: CCN
Type: IBM Security Bulletin 6129315 (Security Guardium)
IBM Security Guardium is affected by a kernel vulnerability

Source: CCN
Type: IBM Security Bulletin 6244890 (Netezza Host Management)
Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Spinics Web site
[PATCH net] vhost_net: fix possible infinite loop

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-3900

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*
    • Configuration RedHat 9:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*
    • Configuration RedHat 10:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
    • Configuration RedHat 11:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 12:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
    • Configuration RedHat 13:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
    • Configuration RedHat 14:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
    • Configuration RedHat 15:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*
    • Configuration RedHat 16:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
    • Configuration RedHat 17:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*
  • AND
  • cpe:/h:ibm:vyatta_5600:*:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:51994
    P
    		Security update for the Linux Kernel (Important) (in QA)
    2023-02-09
    oval:org.opensuse.security:def:100080
    P
    		 (Important)
    2022-02-18
    oval:org.opensuse.security:def:99176
    P
    		 (Moderate)
    2021-12-23
    oval:org.opensuse.security:def:88547
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:20312
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:125639
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:59575
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:89230
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:126806
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:59833
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:33752
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:19570
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:125102
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:89488
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:127203
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:88230
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:34010
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:125319
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:24006
    P
    		Security update for the Linux Kernel (Important)
    2021-12-08
    oval:org.opensuse.security:def:10186
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:9432
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:6722
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:70326
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:8685
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:69572
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:8262
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:67811
    P
    		Security update for the Linux Kernel (Important)
    2021-12-07
    oval:org.opensuse.security:def:106459
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:111813
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:99371
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:8329
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:91885
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:68093
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:105866
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:98835
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:92620
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:106746
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:105187
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:10371
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:99570
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:92031
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:106061
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:9621
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:98981
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:7004
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:92819
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:70511
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:67339
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:105525
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:76407
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:99769
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:8870
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:92226
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:69761
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:106260
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:9820
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:91532
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:105671
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:9065
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:98497
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:6250
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:92421
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:69960
    P
    		Security update for the Linux Kernel (Important)
    2021-12-02
    oval:org.opensuse.security:def:60370
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:5121
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:4281
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:26134
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:61091
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:5869
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:34547
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:20518
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:4493
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:35268
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:21839
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:4727
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:19613
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:34545
    P
    		Security update for the Linux Kernel (Important)
    2021-09-22
    oval:org.opensuse.security:def:60368
    P
    		Security update for the Linux Kernel (Important)
    2021-09-22
    oval:com.redhat.rhsa:def:20200204
    P
    		RHSA-2020:0204: kernel security and bug fix update (Important)
    2020-01-22
    oval:com.redhat.rhsa:def:20193836
    P
    		RHSA-2019:3836: kernel security and bug fix update (Important)
    2019-11-12
    oval:com.redhat.rhsa:def:20193517
    P
    		RHSA-2019:3517: kernel security, bug fix, and enhancement update (Important)
    2019-11-05
    oval:com.redhat.rhsa:def:20193309
    P
    		RHSA-2019:3309: kernel-rt security and bug fix update (Important)
    2019-11-05
    oval:com.redhat.rhsa:def:20192043
    P
    		RHSA-2019:2043: kernel-rt security and bug fix update (Important)
    2019-08-07
    oval:com.redhat.rhsa:def:20192029
    P
    		RHSA-2019:2029: kernel security, bug fix, and enhancement update (Important)
    2019-08-06
    oval:com.ubuntu.disco:def:201939000000000
    V
    		CVE-2019-3900 on Ubuntu 19.04 (disco) - medium.
    2019-04-25
    oval:com.ubuntu.cosmic:def:20193900000
    V
    		CVE-2019-3900 on Ubuntu 18.10 (cosmic) - medium.
    2019-04-25
    oval:com.ubuntu.cosmic:def:201939000000000
    V
    		CVE-2019-3900 on Ubuntu 18.10 (cosmic) - medium.
    2019-04-25
    oval:com.ubuntu.bionic:def:20193900000
    V
    		CVE-2019-3900 on Ubuntu 18.04 LTS (bionic) - medium.
    2019-04-25
    oval:com.ubuntu.bionic:def:201939000000000
    V
    		CVE-2019-3900 on Ubuntu 18.04 LTS (bionic) - medium.
    2019-04-25
    oval:com.ubuntu.xenial:def:20193900000
    V
    		CVE-2019-3900 on Ubuntu 16.04 LTS (xenial) - medium.
    2019-04-25
    oval:com.ubuntu.xenial:def:201939000000000
    V
    		CVE-2019-3900 on Ubuntu 16.04 LTS (xenial) - medium.
    2019-04-25
    oval:com.ubuntu.trusty:def:20193900000
    V
    		CVE-2019-3900 on Ubuntu 14.04 LTS (trusty) - medium.
    2019-04-25
    BACK
    linux linux kernel 5.1 rc6
    ibm vyatta 5600 *
    ibm security guardium 11.0
    ibm security guardium 11.1