The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
Exploitability
AV:AAC:LAu:NImpact
C:NI:NA:C6.1/AV:A/AC:L/Au:N/C:N/I:N/A:C