Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2019-3900

High

7.7/10

Summary

An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-835 - Loop with Unreachable Exit Condition

Loops with multiple exits and flags detract from the quality of an application. They tend to make control structures difficult to understand, and introduce the risk of non-termination and other structural problems. The vulnerability “loop with unreachable exit condition” enables attackers to exploit this flaw, leading to denial of service.

References

Advisory Timeline

Published Apr 25, 2019

Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2019-3900

Summary

CWE-835 - Loop with Unreachable Exit Condition

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS