    Denial of Service Vulnerability in Linux Kernel 'handle_rx()' Function


    Severity Rating: High

    Systems Affected
    • Linux kernel prior to 3.13.10

    Overview
    A vulnerability has been reported in the Linux kernel that could allow a local attacker to gain privileges or cause denial of service conditions.

    Description

    This vulnerability exists in the "handle_rx()" function (drivers/vhost/net.c) in the Linux kernel due to improper validation of packet lengths when mergeable buffers are disabled. A local attacker in a guest machine could exploit this vulnerability via crafted packets to corrupt QEMU memory. Successful exploitation could lead to system privileges on the host OS or to denial of service conditions.

    Solution
    Apply appropriate patches as mentioned in the following links:

    http://git.kernel.org/?p=linux/kerne...0241be8fa2bad0

    Vendor Information
    Kernel.org
    http://www.kernel.org

    References
    RedHat
    https://bugzilla.redhat.com/show_bug.cgi?id=1064440

    XForce
    http://xforce.iss.net/xforce/xfdb/92332

    Secunia
    http://secunia.com/advisories/57740
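
A host-side triage check built on the "Systems Affected" line, added here as an example and not part of the original advisory. The function names and verdict strings are hypothetical, and the check assumes vhost-net is built as the `vhost_net` module and listed in `/proc/modules`.

```shell
#!/bin/sh
# Added triage example, not the advisory's code. The 3.13.10 threshold is the
# advisory's; function names and verdict strings are hypothetical.
FIXED_VERSION="3.13.10"

# Strip distro suffixes: "3.13.0-24-generic" -> "3.13.0".
base_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# Return 0 if release $1 is strictly older than $2 (major.minor.patch).
version_lt() {
    a="$(base_version "$1").0.0"   # pad so three fields always exist
    b="$(base_version "$2").0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 1   # equal versions are not "older"
}

# Is vhost_net (built from drivers/vhost/net.c) loaded? $1 = modules file.
# Assumption: vhost-net is a module; a built-in driver will not be listed.
vhost_net_loaded() {
    [ -r "$1" ] && grep -q '^vhost_net ' "$1"
}

# Print a verdict for kernel release $1 and modules file $2.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "not-affected-by-version"
    elif vhost_net_loaded "$2"; then
        echo "review-exposed"        # old kernel, vhost-net in use
    else
        echo "review-vhost-not-loaded"
    fi
}

assess "$(uname -r)" /proc/modules
```

Distribution kernels often carry backported fixes without changing the upstream version number, so a "review" verdict means checking the vendor's own advisory for the running package rather than concluding the host is vulnerable.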