Date: Thu, 13 Aug 2020 08:38:15 +0000 From: "Iorga, Serban" <seriorga@...zon.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE-2020-16843: Firecracker v0.20.0, v0.21.0 and v0.21.1 network stack can freeze under heavy ingress traffic We have identified an issue in the Firecracker v0.20.0, v0.21.0 and v0.21.1 virtio-net emulation. # Issue Description Under heavy network ingress traffic, when the host TAP interface's receive queue is not drained and the guest virtio-net device's receive queue is full, the microVM network interface ingress can freeze. There is no possibility to recover from this state, resulting in a denial of service on the microVM when it is configured with a single network interface, and causing an availability problem for the microVM network interface on which the issue is triggered. This issue is difficult to reproduce with TCP traffic. The TCP congestion algorithm makes it harder to fill both the TAP interface and virtio receive queues. # Impact When this issue is triggered, the guest kernel network interface will no longer receive packets. # Vulnerable Systems Firecracker releases v0.20.0, v0.21.0 and v0.21.1 are affected. # Mitigation Patched binaries mitigating this issue have been released as Firecracker v0.20.1 and Firecracker v0.21.2. If you are using Firecracker v0.20.0, v0.21.0 or v0.21.1, we recommend you apply the provided fix. If you are using Firecracker v0.19.1 or below, you do not need to take any action.  https://github.com/firecracker-microvm/firecracker/releases/tag/v0.20.1  https://github.com/firecracker-microvm/firecracker/releases/tag/v0.21.2 Best Regards, Serban Iorga on behalf of the Firecracker maintainers team. Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005. Amazon Development Center (Romania) S.R.L. registered office: 27A Sf. Lazar Street, UBC5, floor 2, Iasi, Iasi County, 700045, Romania. Registered in Romania. Registration number J22/2621/2005.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.