QEMU 5.0 virtiofsd File Descriptor resource consumption


A vulnerability classified as problematic was found in QEMU 5.0 (Virtualization Software). It affects unknown code in the virtiofsd component. No information about possible countermeasures is known. Replacing the affected object with an alternative product may be suggested.

| Field | 05/05/2020 08:34 AM | 10/15/2020 09:07 AM | 10/15/2020 09:15 AM |
|---|---|---|---|
| name | QEMU | QEMU | QEMU |
| version | 5.0 | 5.0 | 5.0 |
| component | virtiofsd | virtiofsd | virtiofsd |
| input_type | File Descriptor | File Descriptor | File Descriptor |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 1.5 | 1.5 | 1.5 |
| cvss2_vuldb_tempscore | 1.5 | 1.5 | 1.5 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 3.3 | 3.3 | 3.3 |
| cvss3_meta_tempscore | 3.3 | 3.3 | 3.3 |
| cvss3_vuldb_basescore | 3.3 | 3.3 | 3.3 |
| cvss3_vuldb_tempscore | 3.3 | 3.3 | 3.3 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| date | 1588550400 (05/04/2020) | 1588550400 (05/04/2020) | 1588550400 (05/04/2020) |
| location | Bugzilla | Bugzilla | Bugzilla |
| type | Bug Report | Bug Report | Bug Report |
| url | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve | CVE-2020-10717 | CVE-2020-10717 | CVE-2020-10717 |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 3.3 | 3.3 | 3.3 |
| type | Virtualization Software | Virtualization Software | Virtualization Software |
| cwe | 400 (denial of service) | 400 (denial of service) | 400 (denial of service) |
| cvss3_nvd_av | L | L | L |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | L | L | L |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | N | N | N |
| cvss3_nvd_i | N | N | N |
| cvss3_nvd_a | L | L | L |
| cve_assigned | 1584662400 | 1584662400 | 1584662400 |
| cve_nvd_summary | A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. | A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. | A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host. |
| confirm_url | | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 |
| cve_cna | | | Red Hat, Inc. |
