A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
| Link | Tags |
|---|---|
| https://security.gentoo.org/glsa/202011-09 | third party advisory vendor advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717 | issue tracking third party advisory patch |
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html | mailing list third party advisory patch |
| https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html | third party advisory mailing list |
| https://www.openwall.com/lists/oss-security/2020/05/04/1 | mailing list third party advisory patch |