Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service
Vulnerability Description
A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the downward metrics virtio-serial device configured can write a continuous byte stream to the device, causing unbounded memory allocation in the virt-handler process until it is OOM-killed.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
KubeVirt 资源管理错误漏洞
Vulnerability Description
KubeVirt是KubeVirt组织开源的一款用于在 Kubernetes 上直接运行和管理虚拟机的开源工具,让容器化应用和传统虚拟机工作负载可以在同一个平台上共存。 KubeVirt存在资源管理错误漏洞,该漏洞源于downward metrics virtio-serial服务在读取客户请求时使用无长度限制的缓冲方式,可能导致virt-handler进程内存无限分配直至被OOM-kill。
CVSS Information
N/A
Vulnerability Type
N/A