CVE-2014-0077

Опубликовано: 27 мар. 2014

Источник: redhat

CVSS2: 5.5

Описание

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

Отчет

This issue does not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2014:0475	07.05.2014
Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only	kernel	Fixed	RHSA-2014:0593	03.06.2014
Red Hat Enterprise Linux 6.4 Extended Update Support	kernel	Fixed	RHSA-2014:0634	04.06.2014
RHEV 3.X Hypervisor and Agents for RHEL-6	rhev-hypervisor6	Fixed	RHSA-2014:0629	05.06.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1064440kernel: vhost-net: insufficiency in handling of big packets in handle_rx()

5.5 Medium

CVSS2

Связанные уязвимости

CVE-2014-0077

ubuntu

около 11 лет назад

CVE-2014-0077

nvd

около 11 лет назад

CVE-2014-0077

debian

около 11 лет назад

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...

GHSA-r4f5-rm36-v672

github

около 3 лет назад

ELSA-2014-3022

oracle-oval

около 11 лет назад

ELSA-2014-3022: Unbreakable Enterprise kernel security update (IMPORTANT)

5.5 Medium

CVSS2