vdsm is vulnerable to denial of service (DoS) attacks. The vulnerability exists as it was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host.
lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html
access.redhat.com/errata/RHEA-2018:2624
access.redhat.com/security/cve/CVE-2018-10908
bugzilla.redhat.com/show_bug.cgi?id=1612904
bugzilla.redhat.com/show_bug.cgi?id=1614657
bugzilla.redhat.com/show_bug.cgi?id=1618352
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908
gerrit.ovirt.org/#/c/93195/