CVE-2014-0077

NameCVE-2014-0077
Descriptiondrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.304-1fixed
bullseye5.10.209-2fixed
bullseye (security)5.10.205-2fixed
bookworm6.1.76-1fixed
bookworm (security)6.1.69-1fixed
sid, trixie6.6.15-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy3.2.57-1
linuxsource(unstable)3.13.10-1
linux-2.6source(unstable)(not affected)

Notes

- linux-2.6 <not-affected> (Vulnerable code not present)
seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600

Search for package or bug name: Reporting problems