CVE-2021-36146

CVE-2021-36146 affects ACRN before 2.5 via a NULL pointer dereference in devicemodel/hw/pci/xhci.c when handling a trb pointer. The issue is documented across multiple sources (e.g., NVD entry and CNVD/RH mirrors) confirming a null pointer dereference vulnerability in the xhci.c file of ACRN’s de...

CVE-2021-36147

The CVE-2021-36147 issue affects ACRN before 2.5, specifically a null pointer dereference in virtio_net_ping_rxq (devicemodel/hw/pci/virtio/virtio_net.c) on vq->used, leading to a crash/partial availability impact. Affected product: ACRN hypervisor; vulnerable component: virtio_net_ping_rxq in...

CVE-2021-36143

ACRN before 2.5 contains a NULL pointer dereference in hw/pci/virtio/virtio.c (vq_endchains). Affected component is the virtio PCI backend in the hypervisor. CVSS data indicates high impact (availability loss) with network attack vector and no authentication or user interaction required; exploita...

CVE-2021-36144

CVE-2021-36144 affects the ACRN hypervisor prior to 2.5. The issue is described as a use-after-free involving a freed virtio device in the polling timer handler, within devicemodel/hw/pci/virtio/*.c. The connected sources confirm this root cause and timeline, but do not provide exploitation detai...

CVE-2021-36148

CVE-2021-36148 affects the ACRN hypervisor prior to version 2.5. The vulnerability is in dmar_free_irte (hypervisor/arch/x86/vtd.c) where an irte_alloc_bitmap buffer overflow is possible. CVSS details from the entry indicate a HIGH impact (CVSS 3.1: LOCAL access, UI required, base score 7.8) with...

CVE-2019-18844

ACRN Device Model (pre-2019w25.5-140000p) is affected by a denial-of-service condition caused by using asserts in PCI core code (devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h) to propagate errors/diagnostic information. The issue can trigger an assertion failure in the PCI core. Th...