Lucene search

[email protected]CVE-2021-32844

HistoryFeb 17, 2023 - 11:15 p.m.

CVE-2021-32844

2023-02-1723:15:11

CWE-476

[email protected]

web.nvd.nist.gov

hyperkit

cve-2021-32844

hypervisor

vi_pci_write

denial of service

nvd

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vi_pci_write has is a call to vc_cfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13.

Affected configurations

Vulners

NVD

Node

mobyhyperkitRange≤0.20210107

CPENameOperatorVersion
mobyproject:hyperkitmobyproject hyperkitle0.20210107

CPE	Name	Operator	Version
mobyproject:hyperkit	mobyproject hyperkit	le	0.20210107

CNA Affected

[
  {
    "vendor": "moby",
    "product": "hyperkit",
    "versions": [
      {
        "version": "0.20210107",
        "status": "affected",
        "lessThanOrEqual": "0.20210107",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/moby/hyperkit/commit/451558fe8aaa8b24e02e34106e3bb9fe41d7ad13

github.com/moby/hyperkit/pull/313

securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-32844

cvelist1 prion1 osv1 nvd1