PT-2023-12177 · Hyperkit · Hyperkit

Agustin Gianni · Published 2023-02-17 · Updated 2023-02-28 · CVE-2021-32843

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

HyperKit versions 0.20210107 and prior

Description

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In the affected versions, virtio.c calls vc_cfgread without first checking it for null, which can cause the host to crash when the call is made. This issue may lead to a guest crashing the host, resulting in a denial of service.

Recommendations

For HyperKit versions 0.20210107 and prior, update to a version that includes the fix committed in df0e46c7dbfd81a957d85e449ba41b52f6f7beb4 to resolve the issue. As a temporary workaround, consider restricting access to the virtio.c file or disabling the vc_cfgread function to minimize the risk of exploitation.

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2021-32843

Affected Products

Hyperkit