
Bug 720896 (CVE-2020-10717)

Summary: <app-emulation/qemu-5.1.0: Denial of service by file descriptor exhaustion in shared virtio-fs directory (CVE-2020-10717)
Product: Gentoo Security Reporter: Sam James <sam>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: jchelmert3, slyfox, tamiko, virtualization
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2020/05/04/1
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 725634    
Bug Blocks:    

Description Sam James archtester gentoo-dev Security 2020-05-04 06:36:37 UTC
From URL:

   Hello,

A potential DoS issue was found in the virtio-fs shared file system daemon 
(virtiofsd) implementation of QEMU. Virtiofsd is meant to share a host 
file system directory with a guest via a virtio-fs device. The said DoS may 
occur on the host, if the guest was to open the maximum number of file 
descriptors under the shared directory. A guest user/process may use this flaw 
to cause a DoS issue on the host.

Upstream patch(es):
-------------------
   -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
   -> https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html

This issue was reported by Yuval Avrahami of Palo Alto Networks.
Comment 1 Sam James archtester gentoo-dev Security 2020-05-04 06:38:48 UTC
Landed upstream already: https://git.qemu.org/?p=qemu.git;a=commit;h=8c1d353d107b4fc344e27f2f08ea7fa25de2eea2

@maintainer(s), you may wish to apply other patches relating to virtiofsd too, committed before/after.
Comment 2 John Helmert III (ajak) 2020-08-14 02:32:07 UTC
Fix is in 5.1.0.

qemu $ git tag --contains=8c1d353d107b4
v5.1.0
v5.1.0-rc0
v5.1.0-rc1
v5.1.0-rc2
v5.1.0-rc3
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2020-11-11 03:49:54 UTC
This issue was resolved and addressed in
 GLSA 202011-09 at https://security.gentoo.org/glsa/202011-09
by GLSA coordinator Sam James (sam_c).
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-11-11 03:50:19 UTC
This issue was resolved and addressed in
 GLSA 202011-09 at https://security.gentoo.org/glsa/202011-09
by GLSA coordinator Sam James (sam_c).