In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.
References
Link | Resource |
---|---|
https://github.com/rust-vmm/vm-superio/issues/17 | Third Party Advisory |
https://github.com/rust-vmm/vm-superio/pull/19 | Patch Third Party Advisory |
https://github.com/rust-vmm/vm-superio/issues/17 | Third Party Advisory |
https://github.com/rust-vmm/vm-superio/pull/19 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 05:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/rust-vmm/vm-superio/issues/17 - Third Party Advisory | |
References | () https://github.com/rust-vmm/vm-superio/pull/19 - Patch, Third Party Advisory |
Information
Published : 2020-10-16 04:15
Updated : 2024-11-21 05:20
NVD link : CVE-2020-27173
Mitre link : CVE-2020-27173
CVE.ORG link : CVE-2020-27173
JSON object : View
Products Affected
vm-superio_project
- vm-superio
CWE
CWE-770
Allocation of Resources Without Limits or Throttling