CVE-2020-27174 - Memory Leak vulnerability in Amazon Firecracker
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: HIGH

Summary
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
References
- http://www.openwall.com/lists/oss-security/2020/10/23/1
- https://github.com/firecracker-microvm/firecracker/issues/2177
- https://github.com/firecracker-microvm/firecracker/pull/2178
- https://github.com/firecracker-microvm/firecracker/pull/2179