Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2020-27173

Published: 16/10/2020 Updated: 21/07/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

In vm-superio prior to 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vm-superio project vm-superio

Github Repositories

https://github.com/rust-vmm/vm-superio

Emulation for legacy devices

vm-superio vm-superio provides emulation for legacy devices For now, it offers this support only for the Linux serial console, a minimal i8042 PS/2 Controller and an ARM PL031 Real Time Clock To enable snapshot use cases, such as live migration, it also provides support for saving and restoring the state, and for persisting it In order to achieve this, and to keep a clear se

References

CWE-770https://github.com/rust-vmm/vm-superio/pull/19https://github.com/rust-vmm/vm-superio/issues/17https://nvd.nist.govhttps://github.com/rust-vmm/vm-superio
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367CVE-2024-3611CVE-2024-4947CVE-2024-32988CVE-2020-35165local file inclusionCVE-2024-4980bypassmalicious code‎
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook