2 matches found
CVE-2022-35867
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual devic...
CVE-2022-35867
This CVE (CVE-2022-35867) affects xhyve’s e1000 virtual device. The root cause is improper validation of the length of user-supplied data before copying to a stack-based buffer, enabling local privilege escalation and arbitrary code execution in the hypervisor context. Documented in ZDI-22-949, w...