    Denial of Service vulnerability in Linux Kernel "get_rx_bufs()"


    Severity Rating: Medium

    System Affected
    • Red Hat Enterprise Linux Workstation Optional 6
    • Red Hat Enterprise Linux Workstation 6
    • Red Hat Enterprise Linux Server Optional 6
    • Red Hat Enterprise Linux Server 6
    • Red Hat Enterprise Linux HPC Node Optional 6
    • Red Hat Enterprise Linux HPC Node 6
    • Red Hat Enterprise Linux Desktop Optional 6
    • Red Hat Enterprise Linux Desktop 6
    • Oracle Enterprise Linux 6.2
    • Oracle Enterprise Linux 6
    • Linux kernel 2.6.32
    • Linux kernel 3.2.57
    • Linux Kernel 3.4.87
    • Linux Kernel 3.10.36
    • Linux Kernel 3.12.17

    Overview

    A vulnerability has been reported in the Linux kernel which could be
    exploited by an attacker to cause denial of service (DoS) conditions.


    Description

    The vulnerability exists due to improper handling of vhost_get_vq_desc
    errors by the get_rx_bufs() function in drivers/vhost/net.c in the
    vhost-net subsystem of the Linux kernel. A privileged guest user could
    use this flaw to crash the host OS.

    Successful exploitation of this vulnerability could allow an attacker to
    cause denial of service (DoS) conditions.

    Solution
    Apply appropriate updates/patches as mentioned in the following links:
    https://rhn.redhat.com/errata/RHSA-2014-0339.html
    http://patchwork.ozlabs.org/patch/334291/

    Vendor Information

    Kernel.org
    http://www.kernel.org

    References

    Red Hat
    https://bugzilla.redhat.com/show_bug.cgi?id=1062577
    Security Focus
    http://www.securityfocus.com/bid/66441
    Secunia
    http://secunia.com/advisories/58165/
    http://www.cert-in.org.in/
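
The error-handling flaw named in the Description, shown as a simplified user-space model (an added example, not kernel code and not part of the advisory). All names here are hypothetical, and the return convention of the descriptor fetch (head index, queue size when empty, negative errno on error) is an assumption stated in the comments.

```c
#include <errno.h>
#include <stdio.h>

#define QUEUE_SIZE 4   /* hypothetical ring size (descriptor count) */

struct head { int id; int len; };

/* Hypothetical stand-in for the descriptor fetch. Assumed convention:
 * a head index in [0, QUEUE_SIZE), QUEUE_SIZE when the ring is empty,
 * or a negative errno when the guest-supplied ring is malformed. */
int model_get_desc(int ring_state)
{
    if (ring_state < 0)
        return -EFAULT;
    if (ring_state >= QUEUE_SIZE)
        return QUEUE_SIZE;
    return ring_state;
}

/* Flawed shape: only the "empty" sentinel is tested, so a negative
 * errno falls through and is recorded as if it were a buffer head. */
int collect_unchecked(int ring_state, struct head *out)
{
    int d = model_get_desc(ring_state);
    if (d == QUEUE_SIZE)
        return 0;
    out->id = d;
    out->len = 1;
    return 1;          /* caller believes one buffer is ready */
}

/* Hardened shape: the error is propagated before d is used as a head. */
int collect_checked(int ring_state, struct head *out)
{
    int d = model_get_desc(ring_state);
    if (d < 0)
        return d;
    if (d == QUEUE_SIZE)
        return 0;
    out->id = d;
    out->len = 1;
    return 1;
}

int main(void)
{
    struct head h = { 0, 0 };
    int n = collect_unchecked(-1, &h);  /* constructed malformed-ring input */
    printf("unchecked: count=%d head=%d\n", n, h.id);
    printf("checked:   ret=%d\n", collect_checked(-1, &h));
    return 0;
}
```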
