
List:       oss-security
Subject:    [oss-security] CVE-2020-27174: Firecracker serial console emulation may allocate an unbounded amount
From:       "Iordache, Alexandra" <aghecen () amazon ! com>
Date:       2020-10-23 10:42:14
Message-ID: 1603449734487.64669 () amazon ! com


We have identified an issue in the Firecracker serial console emulation of all Firecracker versions up to v0.21.2 and Firecracker v0.22.0.

# Issue Description

The Firecracker implementation of the serial console emulation allows buffering of an unlimited number of bytes when data is written to the Firecracker process's standard input at a high rate.
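
The pattern behind the issue, shown as an added illustration that is not Firecracker's code: a toy serial device whose receive path either queues everything the host stream offers, or is capped at the 16-byte depth a 16550 UART's receive FIFO has and reads from the host only as much as fits. The `SerialRx` type, its methods, the `peak_occupancy` driver and the 1 MiB input are constructed for this example.

```rust
use std::collections::VecDeque;
use std::io::{self, Read};

/// Receive-FIFO depth for the bounded variant. A 16550 UART has a 16-byte
/// receive FIFO; the value is this example's choice, not Firecracker's.
pub const RX_FIFO_CAPACITY: usize = 16;

/// Toy model of a serial device's receive path (constructed for this example).
pub struct SerialRx {
    fifo: VecDeque<u8>,
}

impl SerialRx {
    pub fn new() -> Self {
        SerialRx { fifo: VecDeque::new() }
    }

    /// Vulnerable pattern: read whatever the host stream offers and queue it,
    /// regardless of whether the guest has drained the FIFO. With a fast writer
    /// and a guest that never reads, the queue grows without bound.
    pub fn host_poll_unbounded<R: Read>(&mut self, host: &mut R) -> io::Result<usize> {
        let mut buf = [0u8; 4096];
        let n = host.read(&mut buf)?;
        self.fifo.extend(buf[..n].iter().copied());
        Ok(n)
    }

    /// Hardened pattern: size the read to the free FIFO space and read nothing
    /// when the FIFO is full. Unread bytes stay in the pipe (backpressure on the
    /// writer) instead of being buffered by the device on the host.
    pub fn host_poll_bounded<R: Read>(&mut self, host: &mut R) -> io::Result<usize> {
        let free = RX_FIFO_CAPACITY - self.fifo.len();
        if free == 0 {
            return Ok(0);
        }
        let mut buf = [0u8; RX_FIFO_CAPACITY];
        let n = host.read(&mut buf[..free])?;
        self.fifo.extend(buf[..n].iter().copied());
        Ok(n)
    }

    /// Guest side: one read of the receive register.
    pub fn guest_read(&mut self) -> Option<u8> {
        self.fifo.pop_front()
    }

    pub fn len(&self) -> usize {
        self.fifo.len()
    }
}

/// Drive one variant over `input`, letting the guest consume
/// `guest_reads_per_poll` bytes after every host poll. Returns the peak FIFO
/// occupancy, i.e. the most memory the device held on the host.
pub fn peak_occupancy(input: &[u8], guest_reads_per_poll: usize, bounded: bool) -> usize {
    let mut dev = SerialRx::new();
    let mut stream: &[u8] = input; // `&[u8]` implements `Read` and advances as it is read
    let mut peak = 0;
    loop {
        let n = if bounded {
            dev.host_poll_bounded(&mut stream).unwrap()
        } else {
            dev.host_poll_unbounded(&mut stream).unwrap()
        };
        peak = peak.max(dev.len());
        for _ in 0..guest_reads_per_poll {
            if dev.guest_read().is_none() {
                break;
            }
        }
        if stream.is_empty() {
            break;
        }
        if n == 0 && guest_reads_per_poll == 0 {
            break; // FIFO full and the guest never reads: the writer stays blocked
        }
    }
    peak
}

fn main() {
    let input = vec![b'A'; 1 << 20]; // constructed: 1 MiB written to stdin at full speed
    println!("unbounded, idle guest: peak {} bytes", peak_occupancy(&input, 0, false));
    println!("bounded,   idle guest: peak {} bytes", peak_occupancy(&input, 0, true));
    println!("bounded,   guest reads 4/poll: peak {} bytes", peak_occupancy(&input, 4, true));
}
```

The difference that matters is where the unsent bytes live: in the bounded variant they remain in the kernel pipe on the writer's side, so a writer that outpaces the guest blocks instead of growing the Firecracker process's heap.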

# Impact

Firecracker customers that forward the standard input of the Firecracker process to untrusted users can become subject to DoS attacks. If memory limits are not imposed on the Firecracker process, this might impair other microVMs on the same host from allocating memory, potentially becoming an availability issue.

Serial output generated by the guest can't trigger the issue.

# Affected Systems

Firecracker v0.22.0 and v0.21.2 are affected; all older releases are likely to be impacted as well.

# Mitigation

Impact can be mitigated by applying memory limits to the Firecracker process or by applying a rate limit when writing to the Firecracker process's standard input.
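
A host-side rate limit of the kind recommended above, as an added example in Rust that is not part of Firecracker or of this advisory: a token bucket that meters bytes toward the Firecracker stdin pipe, with the clock passed in by the caller so the policy can be checked without sleeping. The `ByteRateLimiter`, `simulate` and `forward` names, the 64-byte burst and the 115200 B/s default are this example's choices.

```rust
use std::io::{self, Read, Write};
use std::thread;
use std::time::{Duration, Instant};

/// Token bucket measured in bytes (constructed for this example). Time is
/// supplied by the caller in nanoseconds on any monotonic clock, so the policy
/// is deterministic under test and only `forward` touches the real clock.
pub struct ByteRateLimiter {
    burst: u64,       // bucket capacity: the largest write let through at once
    ns_per_byte: u64, // refill interval, 1e9 / bytes_per_sec
    tokens: u64,
    last_ns: u64,
}

impl ByteRateLimiter {
    pub fn new(burst: u64, bytes_per_sec: u64, now_ns: u64) -> Self {
        let rate = bytes_per_sec.clamp(1, 1_000_000_000);
        ByteRateLimiter { burst, ns_per_byte: 1_000_000_000 / rate, tokens: burst, last_ns: now_ns }
    }

    /// Credit the whole bytes earned since the last refill. `last_ns` advances
    /// only by the time those bytes account for, so fractional credit carries.
    fn refill(&mut self, now_ns: u64) {
        let earned = now_ns.saturating_sub(self.last_ns) / self.ns_per_byte;
        self.tokens = (self.tokens + earned).min(self.burst);
        self.last_ns += earned * self.ns_per_byte;
    }

    /// How many of `want` bytes may be sent at `now_ns`; the rest must wait.
    pub fn admit(&mut self, now_ns: u64, want: usize) -> usize {
        self.refill(now_ns);
        let n = (want as u64).min(self.tokens);
        self.tokens -= n;
        n as usize
    }

    pub fn ns_per_byte(&self) -> u64 {
        self.ns_per_byte
    }
}

/// Deterministic check of the policy: a writer that offers `demand` bytes
/// every `tick_ns` for `ticks` ticks. Returns the total the limiter let through.
pub fn simulate(limiter: &mut ByteRateLimiter, demand: usize, ticks: u64, tick_ns: u64) -> u64 {
    (0..ticks).map(|i| limiter.admit(i * tick_ns, demand) as u64).sum()
}

/// Copy `src` to `dst` without exceeding the limiter's rate. When no tokens are
/// left the copier sleeps, so surplus input stays in the writer's own pipe
/// rather than in the consumer's memory.
pub fn forward<R: Read, W: Write>(limiter: &mut ByteRateLimiter, src: &mut R, dst: &mut W) -> io::Result<u64> {
    let start = Instant::now();
    let mut buf = [0u8; 4096];
    let mut total = 0u64;
    loop {
        let n = src.read(&mut buf)?;
        if n == 0 {
            break;
        }
        let mut sent = 0;
        while sent < n {
            let now_ns = start.elapsed().as_nanos() as u64;
            let k = limiter.admit(now_ns, n - sent);
            if k == 0 {
                thread::sleep(Duration::from_nanos(limiter.ns_per_byte()));
                continue;
            }
            dst.write_all(&buf[sent..sent + k])?;
            dst.flush()?;
            sent += k;
        }
        total += n as u64;
    }
    Ok(total)
}

fn main() -> io::Result<()> {
    // 64-byte burst at 115200 B/s, this example's defaults. Usage:
    //   untrusted-producer | this-program | <process whose stdin must be protected>
    let mut limiter = ByteRateLimiter::new(64, 115_200, 0);
    let stdin = io::stdin();
    let stdout = io::stdout();
    let copied = forward(&mut limiter, &mut stdin.lock(), &mut stdout.lock())?;
    eprintln!("forwarded {} bytes", copied);
    Ok(())
}
```

Placed between the untrusted producer and the Firecracker process, the copier bounds how fast bytes can reach the emulated console; it complements, rather than replaces, a memory limit on the Firecracker process itself, which still caps the damage if the rate limiter is bypassed.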

Customers may apply the fix: patched binaries mitigating this issue have been released as Firecracker v0.21.3[1] and Firecracker v0.22.1[2]. If you are using Firecracker versions up to v0.21.2 or Firecracker v0.22.0, we recommend you apply the provided fix.

[1] https://github.com/firecracker-microvm/firecracker/releases/tag/v0.21.3
[2] https://github.com/firecracker-microvm/firecracker/releases/tag/v0.22.1


Best regards,
Alexandra on behalf of the Firecracker maintainers team




Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.

