oss-sec mailing list archives
CVE-2020-10717 QEMU: virtiofsd: guest may open maximum file descriptor to cause DoS
From: P J P <ppandit () redhat com>
Date: Mon, 4 May 2020 11:40:42 +0530 (IST)
Hello,

A potential DoS issue was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU. Virtiofsd is meant to share a host file system directory with a guest via virtio-fs device. The said DoS may occur on the host, if the guest was to open the maximum number of file descriptors under the shared directory. A guest user/process may use this flaw to cause DoS issue on the host.

Upstream patch(es):
-------------------
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
  -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html

This issue was reported by Yuval Avrahami of Palo Alto Networks.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
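
A host-side check for the condition the advisory describes, as an added example that is not part of the original post or of QEMU's code: it compares a daemon's open descriptor count with its RLIMIT_NOFILE and with the host-wide `fs.file-max`. The function names, the 0.8 warning ratio and the sample `/proc` contents are assumptions constructed for illustration, as is treating host-wide handle exhaustion as the outcome to watch for.

```python
import os

# Constructed sample data in the formats of /proc/sys/fs/file-nr and
# /proc/<pid>/limits; not captured from a real host.
SAMPLE_FILE_NR = "912384\t0\t1000000\n"
SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units     \n"
    "Max open files            1000000              1000000              files     \n"
)

def parse_file_nr(text):
    """Return (allocated, maximum) from fs.file-nr: 'allocated unused max'."""
    allocated, _unused, maximum = (int(f) for f in text.split())
    return allocated, maximum

def parse_nofile_soft(text):
    """Return the soft 'Max open files' limit, or None if unlimited/missing."""
    for line in text.splitlines():
        if line.startswith("Max open files"):
            soft = line[len("Max open files"):].split()[0]
            return None if soft == "unlimited" else int(soft)
    return None

def assess(open_fds, limits_text, file_nr_text, warn_ratio=0.8):
    """List reasons the daemon's descriptor usage endangers the host."""
    findings = []
    allocated, maximum = parse_file_nr(file_nr_text)
    soft = parse_nofile_soft(limits_text)
    if soft is None or soft >= maximum:
        # Assumed risk model: nothing stops this process short of fs.file-max.
        findings.append("RLIMIT_NOFILE does not keep the daemon below fs.file-max")
    elif open_fds >= warn_ratio * soft:
        findings.append("daemon is close to its RLIMIT_NOFILE")
    if allocated >= warn_ratio * maximum:
        findings.append("host-wide file handles are close to fs.file-max")
    return findings

def assess_pid(pid):
    """Run the same check against a live process (Linux, needs read access)."""
    open_fds = len(os.listdir(f"/proc/{pid}/fd"))
    with open(f"/proc/{pid}/limits") as lim, open("/proc/sys/fs/file-nr") as nr:
        return assess(open_fds, lim.read(), nr.read())

if __name__ == "__main__":
    for finding in assess(900000, SAMPLE_LIMITS, SAMPLE_FILE_NR):
        print(finding)
```

On a live host, `assess_pid()` takes the PID of the running virtiofsd process and needs permission to read that process's `/proc` entries.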