Bug 828668 (CVE-2013-3792) - VUL-0: CVE-2013-3792: VirtualBox: virtuio-net host DoS
Summary: VUL-0: CVE-2013-3792: VirtualBox: virtuio-net host DoS
Status: RESOLVED FIXED
Alias: CVE-2013-3792
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.1
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Michal Seben
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-09 12:52 UTC by Marcus Meissner
Modified: 2015-04-07 10:03 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-07-09 12:52:43 UTC 
is public, via oss-sec

From: Raphael Geissert <geissert@debian.org>
Subject: [oss-security] Possible CVE request: virtualbox virtio-net host DoS

Hi,

Quoting [1]:
> I have discovered a problem with virtio-net that leads to a lockup of the host
> machine's kernel and the need for a hard reset to make it working again.

The bug is said to be worked around in version 4.2.14 and really fixed
in 4.2.16, but the changelog of either version doesn't reference that
ticket.

Rumors say that virtualbox makes the host randomly hang, but since
there is an actual bug report and confirmation from upstream this time
I guess a CVE id should be assigned.

[1] https://www.virtualbox.org/ticket/11863
[2] https://www.virtualbox.org/wiki/Changelog
[3] https://secunia.com/advisories/53858/
Comment 1 Swamp Workflow Management 2013-07-09 22:00:13 UTC 
bugbot adjusting priority
Comment 3 Johannes Segitz 2015-04-07 10:03:36 UTC 
closed in all supported versions