Upstream information

CVE-2010-0741 at MITRE

Description

The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS, related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.8
Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Note from the SUSE Security Team

We do not support virtio drivers before 2.6.26 (SLES 10 SP3 has a 2.6.27 based), so we are not affected by this issue.,We do not support virtio drivers before 2.6.26 (SUSE Linux Enterprise 10 SP3 has a 2.6.27 based), so we are not affected by this issue.

SUSE Bugzilla entry: 596032 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.