Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAA7hUgH1p_ZzYJ-B3mkT++xTNt2KzZh-KbfnQF3gqkbiyM=-Ew@mail.gmail.com>
Date: Fri, 5 Jul 2013 12:13:56 +0200
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Possible CVE request: virtualbox virtio-net host DoS

Hi,

Quoting [1]:
> I have discovered a problem with virtio-net that leads to a lockup of the host
> machine's kernel and the need for a hard reset to make it working again.

The bug is said to be worked around in version 4.2.14 and really fixed
in 4.2.16, but the changelog of either version doesn't reference that
ticket.

Rumors say that virtualbox makes the host randomly hang, but since
there is an actual bug report and confirmation from upstream this time
I guess a CVE id should be assigned.

[1] https://www.virtualbox.org/ticket/11863
[2] https://www.virtualbox.org/wiki/Changelog
[3] https://secunia.com/advisories/53858/

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.