CVE-2020-27174
Summary
| CVE | CVE-2020-27174 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-16 05:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. |
Risk And Classification
Problem Types: CWE-401
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Amazon | Firecracker | All | All | All | All |
| Application | Amazon | Firecracker | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [v0.22.1] Fix serial memory allocation issue. by sandreim · Pull Request #2179 · firecracker-microvm/firecracker · GitHub | MISC | github.com | Patch, Third Party Advisory |
| [v0.21.3] Fix serial memory allocation issue by sandreim · Pull Request #2178 · firecracker-microvm/firecracker · GitHub | MISC | github.com | Patch, Third Party Advisory |
| oss-security - CVE-2020-27174: Firecracker serial console emulation may allocate an unbounded amount of memory | MLIST | www.openwall.com | Third Party Advisory |
| Firecracker serial console emulation may allocate an unbounded amount of memory · Issue #2177 · firecracker-microvm/firecracker · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.