CVE-2020-10717

low-risk
Published 2020-05-04

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.

Do I need to act?

-
0.16% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Qemu

References (10)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
Third Party Advisory https://security.gentoo.org/glsa/202011-09
Mailing List https://www.openwall.com/lists/oss-security/2020/05/04/1
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00141.html
Mailing List https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
Third Party Advisory https://security.gentoo.org/glsa/202011-09
Mailing List https://www.openwall.com/lists/oss-security/2020/05/04/1
19
/ 100
low-risk
Severity 13/34 · Low
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal