CVE-2021-32843

HyperKit prior to 0.20210107 contains a null-check flaw in virtio.c where vc_cfgread is called without validating pointers, allowing a guest to crash the host and cause a denial of service. A fix is available in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. Affected users should upgrade to the...

CVE-2021-32845

HyperKit versions 0.20210107 and earlier are affected by a vulnerability in pci_vtrnd_notify where the return value of vq_getchain is not checked. This can result in an uninitialized struct iovec (iov) being used to read memory, potentially causing a guest to crash the host and enable memory corr...

CVE-2021-32844

CVE-2021-32844 affects HyperKit up to version 0.20210107. The vulnerability originates from a null-pointer check omission in the vi_pci_write path calling vc_cfgwrite, which can cause the host to crash and potentially lead to a denial of service. The issue is fixed in commit 451558fe8aaa8b24e02e3...

CVE-2021-32847

HyperKit versions 0.20210107 and earlier are affected by a vulnerability in the disk driver that can cause host memory disclosure to a malicious guest. The issue is described as a memory-related flaw (uninitialized memory use) in the PCI virtio block path (pci_vtsock_proc_tx) and is associated wi...

CVE-2021-32846

HyperKit (Moby HyperKit) contains a vulnerability in the virtio-sock PCI path: pci_vtsock_proc_tx can return -1 on unrecoverable errors, and the code’s check that the return value is