Vigil@nce - Linux kernel: denial of service via vhost-net get_rx_bufs
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, located in a guest system, can generate a network
error in vhost-net of the Linux kernel, in order to trigger a
denial of service.
Impacted products: Fedora, Linux, RHEL
Severity: 1/4
Creation date: 09/04/2014
DESCRIPTION OF THE VULNERABILITY
The vhost-net driver implements network features in a virtualized
environment.
The get_rx_bufs() function of the drivers/vhost/net.c file calls
the vhost_get_vq_desc() function. However, if an error occurs in
this function, get_rx_bufs() does not detect it, and then a fatal
error occurs.
An attacker, located in a guest system, can therefore generate a
network error in vhost-net of the Linux kernel, in order to
trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-vhost-net-get-rx-bufs-14558