Lucene search

Ubuntu.comUB:CVE-2021-45464

HistoryApr 15, 2023 - 12:00 a.m.

CVE-2021-45464

2023-04-1500:00:00

ubuntu.com

kvmtool

vulnerability

virtio

components

out-of-bounds write

arbitrary code

guest os

host machine

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

kvmtool through 39181fc allows an out-of-bounds write, related to
virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute
arbitrary code on the host machine.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchkvmtool< anyUNKNOWN
ubuntu20.04noarchkvmtool< anyUNKNOWN
ubuntu22.04noarchkvmtool< anyUNKNOWN
ubuntu16.04noarchkvmtool< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	kvmtool	< any	UNKNOWN
ubuntu	20.04	noarch	kvmtool	< any	UNKNOWN
ubuntu	22.04	noarch	kvmtool	< any	UNKNOWN
ubuntu	16.04	noarch	kvmtool	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2021-45464

nvd.nist.gov/vuln/detail/CVE-2021-45464

security-tracker.debian.org/tracker/CVE-2021-45464

www.cve.org/CVERecord?id=CVE-2021-45464

www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

Related for UB:CVE-2021-45464