PT-2020-12296 · Qemu+1 · Qemu+1

Yuval Avrahami · Published 2020-05-04 · Updated 2024-06-15 · CVE-2020-10717

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: QEMU versions >= v5.0

Description: A potential denial of service flaw was found in the virtio-fs shared file system daemon implementation. This issue occurs when a guest opens the maximum number of file descriptors under the shared directory, allowing a guest user or process to cause a denial of service on the host. Virtio-fs is designed to share a host file system directory with a guest via a virtio-fs device.

Recommendations: For QEMU versions >= v5.0, consider restricting the number of file descriptors that can be opened by a guest under the shared directory to prevent a denial of service. As a temporary workaround, limiting the access to the shared directory or implementing resource limits for guest users/processes may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALT-PU-2020-2595
CVE-2020-10717
OPENSUSE-SU-2024:11287-1

Affected Products

Alt Linux
Qemu