CVE-2020-27174

EUVD-2020-19698
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
amazonfirecracker
𝑥
< 0.21.3
amazonfirecracker
0.22.0 ≤
𝑥
< 0.22.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/10/23/1
https://github.com/firecracker-microvm/firecracker/issues/2177
https://github.com/firecracker-microvm/firecracker/pull/2178
https://github.com/firecracker-microvm/firecracker/pull/2179
http://www.openwall.com/lists/oss-security/2020/10/23/1
https://github.com/firecracker-microvm/firecracker/issues/2177
https://github.com/firecracker-microvm/firecracker/pull/2178
https://github.com/firecracker-microvm/firecracker/pull/2179