Lucene search

[email protected]NVD:CVE-2021-32843

HistoryFeb 17, 2023 - 11:15 p.m.

CVE-2021-32843

2023-02-1723:15:11

CWE-476

[email protected]

web.nvd.nist.gov

hyperkit

toolkit

hypervisor

denial of service

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vc_cfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4.

Affected configurations

NVD

Node

mobyprojecthyperkitRange≤0.20210107

References

github.com/moby/hyperkit/commit/df0e46c7dbfd81a957d85e449ba41b52f6f7beb4

github.com/moby/hyperkit/pull/313

securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2021-32843

cve1 prion1 cvelist1 osv1