Denial of Service Vulnerability in Firecracker Network Stack by Amazon
CVE-2020-16843

5.9MEDIUM

Key Information:

Vendor

Amazon

Status
Firecracker
Vendor
CVE Published:
4 August 2020

What is CVE-2020-16843?

In certain versions of Firecracker, specifically 0.20.x prior to 0.20.1 and 0.21.x prior to 0.21.2, there exists a vulnerability in the network stack that may cause it to freeze when handling excessive incoming traffic. This behavior can result in a Denial of Service condition on the microVM, particularly when operating with a single network interface. As a result, the network interface can face severe availability issues, leading to disruptions in service for any dependent applications.

References

https://github.com/firecracker-microvm/firecracker/issues...
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2020/08/13/1
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2020/08/13/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.