Design/Logic Flaw

2020-10-1605:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.

CPENameOperatorVersion
firecrackerge0.22.0
firecrackerlt0.22.1
firecrackerlt0.21.3

Name	Operator	Version
firecracker	ge	0.22.0
firecracker	lt	0.22.1
firecracker	lt	0.21.3

References

www.openwall.com/lists/oss-security/2020/10/23/1

github.com/firecracker-microvm/firecracker/issues/2177

github.com/firecracker-microvm/firecracker/pull/2178

github.com/firecracker-microvm/firecracker/pull/2179