5 matches found
CVE-2021-32843
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vc_cfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of...
CVE-2021-32845
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of qnotify at pci_vtrnd_notify fails to check the return value of vq_getchain. This leads to struct iovec iov; being uninitialized and used to read memory ...
CVE-2021-32846
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function pci_vtsock_proc_tx in virtio-sock can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to VTSOCK_MAXSEGS, but that check i...
CVE-2021-32844
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, vi_pci_write has is a call to vc_cfgwrite that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a deni...
CVE-2021-32847
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in...