CVE-2019-3837

It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. An unprivileged multi-threaded userspace application that calls recvmsg() on the same network socket in parallel, running on ioatdma-enabled hardware with net_dma enabled, can therefore leak memory, crash the host (a denial of service), or cause random memory corruption.

Published: 2019-04-11 15:29
Updated: 2019-10-09 23:49

CVSS Score: 4.9 / 10

| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Linux | Linux Kernel | 2.6.32 | cpe:/o:linux:linux_kernel:2.6.32 |
| Redhat | Enterprise Linux | 6.0 | cpe:/o:redhat:enterprise_linux:6.0 |

CWE

| ID | Name | Description |
| --- | --- | --- |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

History of changes

Date Event
2019-04-22 17:48
2019-04-12 13:49

New CVE