Acrn Security Vulnerabilities and Issues — Acrn CVE List

LinuxAcrn

7 matches found

CVE•added 2021/07/02 9:24 p.m.•109 views

CVE-2021-36146

CVE-2021-36146 affects ACRN before 2.5 via a NULL pointer dereference in devicemodel/hw/pci/xhci.c when handling a trb pointer. The issue is documented across multiple sources (e.g., NVD entry and CNVD/RH mirrors) confirming a null pointer dereference vulnerability in the xhci.c file of ACRN’s de...

7.5CVSS7.5AI score0.00235EPSS

CVE•added 2021/07/02 9:24 p.m.•106 views

CVE-2021-36147

The CVE-2021-36147 issue affects ACRN before 2.5, specifically a null pointer dereference in virtio_net_ping_rxq (devicemodel/hw/pci/virtio/virtio_net.c) on vq->used, leading to a crash/partial availability impact. Affected product: ACRN hypervisor; vulnerable component: virtio_net_ping_rxq in...

7.5CVSS7.5AI score0.00435EPSS

CVE•added 2021/07/02 9:24 p.m.•99 views

CVE-2021-36145

CVE-2021-36145 affects ACRN (Device Model) up to version 2.5. The issue is a use-after-free in devicemodel/core/mem.c with a freed rb_entry. CVSS details: 3.1 score 7.5 (network, low attack complexity, no privileges required, no user interaction; confidentiality/integrity impact none, availabilit...

7.5CVSS7.5AI score0.00433EPSS

CVE•added 2021/07/02 9:25 p.m.•97 views

CVE-2021-36143

ACRN before 2.5 contains a NULL pointer dereference in hw/pci/virtio/virtio.c (vq_endchains). Affected component is the virtio PCI backend in the hypervisor. CVSS data indicates high impact (availability loss) with network attack vector and no authentication or user interaction required; exploita...

7.5CVSS7.5AI score0.00437EPSS

CVE•added 2021/07/02 9:24 p.m.•94 views

CVE-2021-36144

CVE-2021-36144 affects the ACRN hypervisor prior to 2.5. The issue is described as a use-after-free involving a freed virtio device in the polling timer handler, within devicemodel/hw/pci/virtio/*.c. The connected sources confirm this root cause and timeline, but do not provide exploitation detai...

7.5CVSS7.5AI score0.00433EPSS

CVE•added 2021/07/02 9:24 p.m.•94 views

CVE-2021-36148

CVE-2021-36148 affects the ACRN hypervisor prior to version 2.5. The vulnerability is in dmar_free_irte (hypervisor/arch/x86/vtd.c) where an irte_alloc_bitmap buffer overflow is possible. CVSS details from the entry indicate a HIGH impact (CVSS 3.1: LOCAL access, UI required, base score 7.8) with...

7.8CVSS7.7AI score0.00213EPSS

CVE•added 2019/11/13 7:12 p.m.•55 views

CVE-2019-18844

ACRN Device Model (pre-2019w25.5-140000p) is affected by a denial-of-service condition caused by using asserts in PCI core code (devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h) to propagate errors/diagnostic information. The issue can trigger an assertion failure in the PCI core. Th...

7.5CVSS7.3AI score0.00537EPSS