Headline
CVE-2020-10717: guest may open maximum file descriptor to cause DoS
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
Keywords:
Status:
CLOSED ERRATA
Alias:
CVE-2020-10717
Product:
Security Response
Classification:
Other
Component:
vulnerability
Sub Component:
Version:
unspecified
Hardware:
All
OS:
Linux
Priority:
low
Severity:
low
Target Milestone:
—
Assignee:
Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
1817445 1830842 1830844 1830845
Blocks:
1825755
TreeView+
depends on / blocked
Reported:
2020-04-24 20:42 UTC by Prasad J Pandit
Modified:
2021-12-15 11:31 UTC (History)
CC List:
26 users (show)
Fixed In Version:
QEMU-5.0.1
Doc Type:
If docs needed, set a value
Doc Text:
A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
Clone Of:
Environment:
Last Closed:
2021-12-15 11:31:52 UTC