7.5

CVE-2020-27174

EPSS 0.56%
Veröffentlicht 16.10.2020 05:15:11
Zuletzt bearbeitet 21.11.2024 05:20:49
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Amazon ≫ Firecracker Version < 0.21.3

Amazon ≫ Firecracker Version >= 0.22.0 < 0.22.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

http://www.openwall.com/lists/oss-security/2020/10/23/1

Third Party Advisory

https://github.com/firecracker-microvm/firecracker/issues/2177

Third Party Advisory

https://github.com/firecracker-microvm/firecracker/pull/2178

Patch

Third Party Advisory

https://github.com/firecracker-microvm/firecracker/pull/2179

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-27174

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27174

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27174

EUVD