In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2020/10/23/1 | Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/issues/2177 | Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/pull/2178 | Patch Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/pull/2179 | Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2020/10/23/1 | Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/issues/2177 | Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/pull/2178 | Patch Third Party Advisory |
https://github.com/firecracker-microvm/firecracker/pull/2179 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:20
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2020/10/23/1 - Third Party Advisory | |
References | () https://github.com/firecracker-microvm/firecracker/issues/2177 - Third Party Advisory | |
References | () https://github.com/firecracker-microvm/firecracker/pull/2178 - Patch, Third Party Advisory | |
References | () https://github.com/firecracker-microvm/firecracker/pull/2179 - Patch, Third Party Advisory |
Information
Published : 2020-10-16 05:15
Updated : 2024-11-21 05:20
NVD link : CVE-2020-27174
Mitre link : CVE-2020-27174
CVE.ORG link : CVE-2020-27174
JSON object : View
Products Affected
amazon
- firecracker
CWE
CWE-401
Missing Release of Memory after Effective Lifetime