CVE-2020-27173
HIGHvm-superio < 0.1.1 - Unauthenticated Denial of Service via Serial Console FIFO
Title source: llmDescription
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://github.com/rust-vmm/vm-superio/issues/17
Patch, Third Party Advisory x_refsource_misc
https://github.com/rust-vmm/vm-superio/pull/19
Scores
CVSS v3
7.5
EPSS
0.0151
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (1)
vm-superio_project/vm-superio
< 0.1.1
Published
Oct 16, 2020
Tracked Since
Feb 18, 2026