Skip to main content

Allocation of Resources Without Limits or Throttling

CVE-2020-10717

Severity Medium
Score 6.5/10

Summary

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version 5.0.0-rc0 before 5.0.1. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.

  • LOW
  • LOCAL
  • NONE
  • CHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-770 - Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Advisory Timeline

  • Published