CVE-2014-0055

Advisory lineage Upstream: 0 Downstream: 14

Downstream

DEBIAN-CVE-2014-0055 MGASA-2014-0206 MGASA-2014-0207 MGASA-2014-0208 MGASA-2014-0228 MGASA-2014-0229

Modified

Published: 26 Mar 2014, 14:00

Last modified:06 Aug 2024, 09:05

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.5 MEDIUM

v2.0 (nvd)

EPSS Score

0.31% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Mar 2014, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 09:05

Last Modified

Vulnerability information updated

Description

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

CVSS Metrics

v2.0•MEDIUM•Score: 5.5AV:A/AC:L/Au:S/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.31%• Percentile: 54%

Affected Systems

redhat•enterprise_linux
6.0