PT-2023-1857 · Hyperkit · Hyperkit
Agustin Gianni · Published 2023-02-20 · Updated 2023-03-01
CVE-2021-32847
CVSS v3.1: 7.1 (High)
| Vector | AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HyperKit versions 0.20210107 and prior
Description
The issue is related to a memory buffer overflow that a malicious guest can exploit to gain unauthorized access to protected information. The guest does this by abusing the disk driver, potentially disclosing host memory into the virtualized guest.
Recommendations
For HyperKit versions 0.20210107 and prior, update to a version that includes the fix committed in cf60095a4d8c3cb2e182a14415467afd356e982f to resolve the issue. As a temporary workaround, consider restricting access to the disk driver to minimize the risk of exploitation.
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Hyperkit