CVE-2020-27174
 
- Severity Score: 7.5 (CVSS v3.1)
- Public Exploits: 0 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
*Credits:
N/A
Timeline
- 2020-10-16 CVE Reserved
- 2020-10-16 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-20 EPSS Updated
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
References (4)
URL | Tag | Date |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/10/23/1 | Mailing List | |
https://github.com/firecracker-microvm/firecracker/issues/2177 | Third Party Advisory | |
https://github.com/firecracker-microvm/firecracker/pull/2178 | | 2021-07-21 |
https://github.com/firecracker-microvm/firecracker/pull/2179 | | 2021-07-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Amazon | Firecracker | < 0.21.3 | - | Affected |
Amazon | Firecracker | >= 0.22.0 < 0.22.1 | - | Affected |