Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implementation of the serial console may allocate an unbounded amount of memory #17

Closed
andreeaflorescu opened this issue Oct 14, 2020 · 0 comments · Fixed by #18
Closed
Labels
security A security enhancement or public security issue (do not use for reporting security vuln)

Comments

@andreeaflorescu
Copy link
Member

andreeaflorescu commented Oct 14, 2020

We have identified a possible DoS issue in rust-vmm/vm-superio v0.1.0.

Issue Description

The rust-vmm/vm-superio implementation of the serial console which emulates a UART port type 16550A allows buffering an unlimited number of bytes from input sources when using the FIFO functionality. This issue can not be triggered from the guest side. This issue presents no impact to AWS Services.

Impact

All VMMs that are using the FIFO functionality to forward host-side input from an untrusted source to the guest can be subject to a DoS issue. This issue cannot be triggered from serial output generated by the guest. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. Rate limiting the input from the host side also mitigates the issue.

Affected Systems

rust-vmm/vm-superio v0.1.0.

Proposed Mitigation

Impact can be mitigated by upgrading to vm-superio 0.1.1, configuring memory limits to the process that is using vm-superio, or by rate limiting the writes to the process standard input.

@andreeaflorescu andreeaflorescu added the security A security enhancement or public security issue (do not use for reporting security vuln) label Oct 14, 2020
andreeaflorescu referenced this issue in andreeaflorescu/vm-superio Oct 14, 2020
The fix for #17 includes breaking interface changes.
Updated the version in Cargo.toml so we can publish it to crates.io.

Signed-off-by: Andreea Florescu <fandree@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security A security enhancement or public security issue (do not use for reporting security vuln)
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant