Re: Possible CVE request: virtualbox virtio-net host DoS

[Oracle Security Alerts <secalert_us () oracle com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Kurt,

On 7/5/13 12:22 PM, Kurt Seifried wrote:
> On 07/05/2013 04:13 AM, Raphael Geissert wrote:
> > Hi,
>
> > Quoting [1]:
> > > I have discovered a problem with virtio-net that leads to a 
> > > lockup of the host machine's kernel and the need for a hard
> > > reset to make it working again.
>
> > The bug is said to be worked around in version 4.2.14 and really 
> > fixed in 4.2.16, but the changelog of either version doesn't 
> > reference that ticket.
>
> > Rumors say that virtualbox makes the host randomly hang, but
> > since there is an actual bug report and confirmation from
> > upstream this time I guess a CVE id should be assigned.
>
> > [1] https://www.virtualbox.org/ticket/11863 [2] 
> > https://www.virtualbox.org/wiki/Changelog [3] 
> > https://secunia.com/advisories/53858/
>
> > Cheers, -- Raphael Geissert - Debian Developer www.debian.org - 
> > get.debian.net
>
> Oracle is a CNA so they should handle this:
>
> http://cve.mitre.org/cve/cna.html
>
> CC'ing them. Can you guys assign one quickly so this can be
> properly tracked? Thanks!

Please use CVE-2013-3792 to track this issue.

Thanks,
- -Ritwik Ghoshal

- --
Best Regards,

Oracle Security Alerts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHXJpoACgkQf36Vx1dNy5qhPgCfekd/nmFXwk7kADDn1N5QuSJF
XJwAn2JZH6u6EYRYdLeGy59VhMhzq8o5
=z5Rn
-----END PGP SIGNATURE-----