Lucene search

GoogleOSV:CVE-2021-32844

HistoryFeb 17, 2023 - 11:15 p.m.

CVE-2021-32844

2023-02-1723:15:11

Google

osv.dev

hyperkit

vulnerability

vi_pci_write

vc_cfgwrite

denial of service

commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vi_pci_write has is a call to vc_cfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13.

CPENameOperatorVersion
hyperkiteq0.20190802
hyperkiteq0.20170519
hyperkiteq0.20200908
hyperkiteq0.20170511
hyperkiteq0.20171020
hyperkiteq0.20170425
hyperkiteq0.20170214
hyperkiteq0.20170227
hyperkiteq0.20180123
hyperkiteq0.20210107

Name	Operator	Version
hyperkit	eq	0.20190802
hyperkit	eq	0.20170519
hyperkit	eq	0.20200908
hyperkit	eq	0.20170511
hyperkit	eq	0.20171020
hyperkit	eq	0.20170425
hyperkit	eq	0.20170214
hyperkit	eq	0.20170227
hyperkit	eq	0.20180123
hyperkit	eq	0.20210107

Rows per page:

1-10 of 171

References

github.com/moby/hyperkit/commit/451558fe8aaa8b24e02e34106e3bb9fe41d7ad13

github.com/moby/hyperkit/pull/313

securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2021-32844