47 matches found
CVE-2021-32844
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vipciwrite has is a call to vccfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denia...
CVE-2021-32845
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...
CVE-2021-32843
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vccfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial o...
CVE-2021-32843
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vccfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial o...
CVE-2021-32844
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vipciwrite has is a call to vccfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denia...
CVE-2021-32845
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...
Code injection
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vipciwrite has is a call to vccfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denia...
Memory corruption
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...
Memory corruption
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function pcivtsockproctx in virtio-sock can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to VTSOCKMAXSEGS, but that check is...
Code injection
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vccfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial o...
CVE-2021-32845 Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...
CVE-2021-32844
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vipciwrite has is a call to vccfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denia...
CVE-2021-32845 Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pcivtrndnotify fails to check the return value of vqgetchain. This leads to struct iovec iov; being uninitialized and used to read memory i...
CVE-2021-32843
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vccfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial o...
PT-2023-12180 · Hyperkit · Hyperkit
Name of the Vulnerable Software and Affected Versions: HyperKit version 0.20210107 Description: HyperKit is a toolkit for embedding hypervisor capabilities in an application. The function pci vtsock proc tx in virtio-sock can lead to uninitialized memory use due to an insufficient check for the...
CVE-2021-32846 Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function pcivtsockproctx in virtio-sock can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to VTSOCKMAXSEGS, but that check is...
HyperKit 代码问题漏洞
HyperKit is a Moby open source toolkit for embedding virtual machine monitor functionality in applications. A security vulnerability exists in HyperKit 0.20210107 and earlier versions, which stems from vipciwrite calls to vccfgwrite, which does not check for null, and when called causes the host ...
CVE-2021-32846
HyperKit (Moby HyperKit) contains a vulnerability in the virtio-sock PCI path: pci_vtsock_proc_tx can return -1 on unrecoverable errors, and the code’s check that the return value is
CVE-2021-32843
HyperKit prior to 0.20210107 contains a null-check flaw in virtio.c where vc_cfgread is called without validating pointers, allowing a guest to crash the host and cause a denial of service. A fix is available in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. Affected users should upgrade to the...
HyperKit 代码问题漏洞
HyperKit is a Moby open source toolkit for embedding virtual machine monitor functionality in applications. A security vulnerability exists in HyperKit 0.20210107 and earlier versions, which stems from a function pcivtsockproctx in virtio-sock that results in uninitialized memory usage, and can b...