PT-2023-12178 · Hyperkit · Hyperkit
Agustin Gianni · Published 2023-02-17 · Updated 2023-02-28 · CVE-2021-32844
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
HyperKit versions 0.20210107 and prior
Description
HyperKit is a toolkit for embedding hypervisor capabilities in an application. The issue arises from a call to `vc_cfgwrite` in `vi_pci_write` that does not check for null, which can cause the host to crash when called. This may lead to a guest crashing the host, resulting in a denial of service.
Recommendations
For HyperKit versions 0.20210107 and prior, update to a version that includes the fix committed in 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13 to resolve the issue. As a temporary workaround, consider restricting access to the `vi_pci_write` function to minimize the risk of exploitation.
Fix
NULL Pointer Dereference
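The weakness class named above, shown as an added example (a simplified model, not HyperKit source and not the upstream patch). It assumes the config-write callback is an optional function pointer in a per-device operations table; every struct and function name in it is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT HyperKit source. All names here are hypothetical. */
struct dev_ops {
    const char *name;
    /* Optional: a device with no writable config space leaves this NULL. */
    int (*cfgwrite)(void *dev, int offset, int size, uint32_t value);
};

struct blk_dev { uint32_t cfg[4]; };

static int blk_cfgwrite(void *dev, int offset, int size, uint32_t value)
{
    struct blk_dev *b = dev;
    if (size != 4 || offset < 0 || offset % 4 || offset / 4 >= 4)
        return -1;
    b->cfg[offset / 4] = value;
    return 0;
}

/* Vulnerable shape: the write is guest-driven and the host calls the slot
 * unconditionally. Calling a NULL slot is undefined behaviour (a crash). */
int cfg_write_unchecked(const struct dev_ops *ops, void *dev,
                        int offset, int size, uint32_t value)
{
    return ops->cfgwrite(dev, offset, size, value);
}

/* Hardened shape: a missing callback is a rejected write, not a call. */
int cfg_write_checked(const struct dev_ops *ops, void *dev,
                      int offset, int size, uint32_t value)
{
    if (ops == NULL || ops->cfgwrite == NULL) {
        fprintf(stderr, "%s: config write rejected\n", ops ? ops->name : "?");
        return -1;
    }
    return ops->cfgwrite(dev, offset, size, value);
}

int main(void)
{
    struct blk_dev b = {{0}};
    struct dev_ops rw = { "blk", blk_cfgwrite }, ro = { "rnd", NULL };
    printf("rw=%d ro=%d\n", cfg_write_checked(&rw, &b, 4, 4, 7),
           cfg_write_checked(&ro, NULL, 4, 4, 7));
    return 0;
}
```

The rejection is logged rather than silently dropped so that a guest repeatedly writing to a device without the callback shows up in host logs.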
Weakness Enumeration
Related Identifiers
Affected Products
Hyperkit