1827808 – (CVE-2020-10717) CVE-2020-10717 QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS

Bug 1827808 (CVE-2020-10717) - CVE-2020-10717 QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS

Summary: CVE-2020-10717 QEMU: virtiofsd: guest may open maximum file descriptor to cau...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-10717
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1817445 1830842 1830844 1830845
Blocks:	1825755
TreeView+	depends on / blocked

Reported:	2020-04-24 20:42 UTC by Prasad Pandit
Modified:	2022-10-02 21:51 UTC (History)
CC List:	26 users (show)
Fixed In Version:	QEMU-5.0.1
Doc Type:	If docs needed, set a value
Doc Text:	A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
Clone Of:
Environment:
Last Closed:	2021-12-15 11:31:52 UTC
Embargoed:

Attachments	(Terms of Use)

Description Prasad Pandit 2020-04-24 20:42:59 UTC

A potential DoS issue was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU. Virtiofsd is meant to share a host file system directory with a guest via virtio-fs device. The said DoS may occur on the host, if the guest was to open the maximum number of file descriptors under the shared directory. A guest user/process may use this flaw to cause DoS issue on the host.

Upstream patch(es):
-------------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/05/04/1

Comment 1 Prasad Pandit 2020-04-24 20:43:05 UTC

Acknowledgments:

Name: Yuval Avrahami (Palo Alto Networks)

Comment 3 Prasad Pandit 2020-05-04 05:51:21 UTC

Created qemu tracking bugs for this issue:

Affects: fedora-rawhide [bug 1830842]

Note You need to log in before you can comment on or make changes to this bug.

amit
berrange
cfergeau
dgilbert
dwmw2
itamar
jen
jferlan
jjoyce
jmaloy
jschluet
knoel
lhh
lpeer
mburns
mkenneth
mrezanin
mst
pbonzini
ribarry
rjones
sclewis
security-response-team
slinaber
virt-maint
virt-maint