oss-sec mailing list archives
Re: Possible CVE request: virtualbox virtio-net host DoS
From: Oracle Security Alerts <secalert_us () oracle com>
Date: Fri, 05 Jul 2013 13:03:39 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Kurt, On 7/5/13 12:22 PM, Kurt Seifried wrote:
On 07/05/2013 04:13 AM, Raphael Geissert wrote:Hi,Quoting [1]:I have discovered a problem with virtio-net that leads to a lockup of the host machine's kernel and the need for a hard reset to make it working again.The bug is said to be worked around in version 4.2.14 and really fixed in 4.2.16, but the changelog of either version doesn't reference that ticket.Rumors say that virtualbox makes the host randomly hang, but since there is an actual bug report and confirmation from upstream this time I guess a CVE id should be assigned.[1] https://www.virtualbox.org/ticket/11863 [2] https://www.virtualbox.org/wiki/Changelog [3] https://secunia.com/advisories/53858/Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.netOracle is a CNA so they should handle this: http://cve.mitre.org/cve/cna.html CC'ing them. Can you guys assign one quickly so this can be properly tracked? Thanks!
Please use CVE-2013-3792 to track this issue. Thanks, - -Ritwik Ghoshal - -- Best Regards, Oracle Security Alerts -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHXJpoACgkQf36Vx1dNy5qhPgCfekd/nmFXwk7kADDn1N5QuSJF XJwAn2JZH6u6EYRYdLeGy59VhMhzq8o5 =z5Rn -----END PGP SIGNATURE-----
Current thread:
- Possible CVE request: virtualbox virtio-net host DoS Raphael Geissert (Jul 05)
- Re: Possible CVE request: virtualbox virtio-net host DoS Kurt Seifried (Jul 05)
- Re: Possible CVE request: virtualbox virtio-net host DoS Oracle Security Alerts (Jul 05)
- Re: Possible CVE request: virtualbox virtio-net host DoS Kurt Seifried (Jul 05)