Bug 735978 (CVE-2020-16843) - app-emulation/firecracker: DoS vulnerabilities (CVE-2020-{16843,27174})
Status: RESOLVED FIXED
Alias: CVE-2020-16843
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://github.com/firecracker-microv...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-05 00:25 UTC by John Helmert III
Modified: 2021-12-11 17:56 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-08-05 00:25:01 UTC
CVE-2020-16843:

Under heavy network ingress traffic, when the host TAP interface's receive queue is not drained and the guest virtio-net device's receive queue is full, the microVM network interface ingress can freeze. There is no possibility to recover from this state, resulting in a denial of service on the microVM when it is configured with a single network interface, and causing an availability problem for the microVM network interface on which the issue is triggered.

This issue is difficult to reproduce with TCP traffic. The TCP congestion algorithm makes it harder to fill both the TAP interface and virtio receive queues.



Fixed in 0.21.2 on the 0.21.x branch. Maintainer, please bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-23 15:56:46 UTC
CVE-2020-27174:

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
Comment 2 Larry the Git Cow gentoo-dev 2021-11-11 18:54:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6dad846bbe647b8bda55b79268c2f0bc202fe564

commit 6dad846bbe647b8bda55b79268c2f0bc202fe564
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-11-11 18:34:37 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-11-11 18:54:10 +0000

    profiles: last-rite app-emulation/firecracker
    
    Bug: https://bugs.gentoo.org/735978
    Bug: https://bugs.gentoo.org/794907
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2021-12-11 16:10:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80c1072c18826e7d0cd29e99405544d098fc8c6a

commit 80c1072c18826e7d0cd29e99405544d098fc8c6a
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2021-12-11 16:07:33 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2021-12-11 16:07:33 +0000

    app-emulation/firecracker: treeclean
    
    Closes: https://bugs.gentoo.org/794907
    Bug: https://bugs.gentoo.org/735978
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 app-emulation/firecracker/Manifest                 | 35 ---------
 .../firecracker/firecracker-0.21.1-r1.ebuild       | 89 ----------------------
 app-emulation/firecracker/metadata.xml             |  5 --
 profiles/package.mask                              |  5 --
 4 files changed, 134 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-11 17:56:05 UTC
-bin doesn't seem to have been affected, Firecracker's gone, no GLSA so all done!