Red Hat Bugzilla – Bug 1605065
CVE-2018-10908 vdsm: calls to qemu-img are not protected by prlimit/ulimit
Last modified: 2018-11-05 18:13:46 EST
A vulnerability was found in ovirt, allowing a user to consume large amounts of memory or CPU time on the host by uploading a maliciously crafted image. This could lead to denial of service on the host, potentially impacting other users.
See also CVE-2015-5162, essentially the same issue on Openstack.
Red Hat Enterprise Virtualization 3 is now in Extended Life Phase of the support and maintenance lifecycle. Red Hat Product Security has rated this issue as having a security impact of Moderate, and it is not currently planned to be addressed in future updates of Red Hat Virtualization 3. For additional information, refer to the Red Hat Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/
Name: Nir Soffer (Red Hat)