Denial of Service Vulnerability in QEMU Virtio-FS Shared File System Daemon
CVE-2020-10717

3.3LOW

Key Information:

Vendor: The Qemu Project
Status: Qemu
Vendor: CVE Published:; 4 May 2020

🔔 Create The Qemu Project Vulnerability Alert

What is CVE-2020-10717?

A weakness has been identified in the QEMU Virtio-FS shared file system daemon (virtiofsd) that can lead to a denial of service. Specifically, if a guest operating system opens the maximum number of file descriptors for directories shared via virtio-fs, it can exhaust resources on the host system. This can prevent other processes from accessing the shared file system, effectively causing service interruptions. Administrators should take necessary precautions to monitor and limit file descriptors to mitigate potential exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QEMU >= QEMU v5.0

References

https://security.gentoo.org/glsa/202011-09

vendor-advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10717

https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2020
Vulnerability Reserved
Mar 20, 2020

JSON

The Qemu Project

What is CVE-2020-10717?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.