Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2019-3900 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2019-3900

CVE-2019-3900

HIGH7.7

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5

Published Apr 25, 2019

Modified 1 years ago

Details

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

References(30)

WEBhttp://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html WEBhttp://www.securityfocus.com/bid/108076 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:1973 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2029 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:2043 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3220 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3309 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3517 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3836 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:3967 ADVISORYhttps://access.redhat.com/errata/RHSA-2019:4058 ADVISORYhttps://access.redhat.com/errata/RHSA-2020:0204 WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3900 WEBhttps://lists.debian.org/debian-lts-announce/2019/08/msg00016.html WEBhttps://lists.debian.org/debian-lts-announce/2019/08/msg00017.html ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYTZH6QCNITK7353S6RCRT2PQHZSDPXD/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RI3WXXM5URTZSR3RVEKO6MDXDFIKTZ5R/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOFNJA5NNVXQ6AV6KGZB677JIVXAMJHT/WEBhttps://seclists.org/bugtraq/2019/Aug/18 WEBhttps://seclists.org/bugtraq/2019/Nov/11 WEBhttps://security.netapp.com/advisory/ntap-20190517-0005/ADVISORYhttps://usn.ubuntu.com/4114-1/ADVISORYhttps://usn.ubuntu.com/4115-1/ADVISORYhttps://usn.ubuntu.com/4116-1/ADVISORYhttps://usn.ubuntu.com/4117-1/

CVSS Analysis

CVSS v3.1

7.7

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

ChangedS:C

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

7.7/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Weakness Type (CWE)

Other

Ecosystems

Timeline

PublishedApr 25, 2019

ModifiedAug 4, 2024