CVE-2020-27174

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.

Configurations

Configuration 1

OR cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*
cpe:2.3:a:amazon:firecracker:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:20

| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.openwall.com/lists/oss-security/2020/10/23/1 - Third Party Advisory | () http://www.openwall.com/lists/oss-security/2020/10/23/1 - Third Party Advisory |
| References | () https://github.com/firecracker-microvm/firecracker/issues/2177 - Third Party Advisory | () https://github.com/firecracker-microvm/firecracker/issues/2177 - Third Party Advisory |
| References | () https://github.com/firecracker-microvm/firecracker/pull/2178 - Patch, Third Party Advisory | () https://github.com/firecracker-microvm/firecracker/pull/2178 - Patch, Third Party Advisory |
| References | () https://github.com/firecracker-microvm/firecracker/pull/2179 - Patch, Third Party Advisory | () https://github.com/firecracker-microvm/firecracker/pull/2179 - Patch, Third Party Advisory |

Information

Published : 2020-10-16 05:15

Updated : 2024-11-21 05:20


NVD link : CVE-2020-27174

Mitre link : CVE-2020-27174

CVE.ORG link : CVE-2020-27174



Products Affected

amazon

  • firecracker

CWE

CWE-401

Missing Release of Memory after Effective Lifetime