The vulnerability can be resolved by either using the GitHub integration to generate a pull-request from your dashboard or by running snyk wizard from the command-line interface. Otherwise, Upgrade ejs to version 2.5.3 or higher.

Allocation of Resources Without Limits or Throttling in qemu-kvm-debugsource | CVE-2020-10717

Threat Intelligence

0.05% (17^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Allocation of Resources Without Limits or Throttling vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-RHEL8-QEMUKVMDEBUGSOURCE-1338720
published26 Jul 2021
disclosed30 Apr 2020

Report a new vulnerability Found a mistake?

Introduced: 30 Apr 2020

CVE-2020-10717 (opens in a new tab) CWE-770 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream qemu-kvm-debugsource package and not the qemu-kvm-debugsource package as distributed by RHEL.

A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation of the QEMU version >= v5.0. Virtio-fs is meant to share a host file system directory with a guest via virtio-fs device. If the guest opens the maximum number of file descriptors under the shared directory, a denial of service may occur. This flaw allows a guest user/process to cause this denial of service on the host.

Allocation of Resources Without Limits or Throttling The advisory has been revoked - it doesn't affect any version of package qemu-kvm-debugsource (opens in a new tab)