CVE-2020-10717: Allocation of Resources Without Limits or Throttling in Qemu

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 62.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 4; Latest update May 24

Description

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of QEMU versions >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via a virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0

Affected Packages (4 packages)

Source    | Package               | Affected versions
NVD       | qemu/qemu             | 5.0, 5.0.1
debian    | debian/qemu           | < qemu 1:5.0-5 (bookworm)
Debian    | qemu/qemu             | < 1:5.0-5+3
CVEListV5 | the_qemu_project/qemu | >= QEMU v5.0

Patches

Vulnerability Details (2)

GHSA: GHSA-mjrj-9494-78rr: A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5 (2022-05-24)
OSV: CVE-2020-10717: A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5 (2020-05-04)

Vendor Advisories (2)

Red Hat: QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS (2020-04-30)
Debian: CVE-2020-10717: qemu - A potential DoS flaw was found in the virtio-fs shared file system daemon (virti... (2020)

Community (2)

Bugzilla: CVE-2020-10717 qemu: virtiofsd: guest may open maximum file descriptor to cause DoS [fedora-rawhide] (2020-05-04)
Bugzilla: CVE-2020-10717 QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS (2020-04-24)