Vulnerability Details CVE-2019-3837
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.9
References
Products affected by CVE-2019-3837
-
cpe:2.3:o:linux:linux_kernel:2.6.32
-
cpe:2.3:o:redhat:enterprise_linux:6.0