PT-2023-12177 · Hyperkit · Hyperkit
Agustin Gianni
·
Published
2023-02-17
·
Updated
2023-02-28
·
CVE-2021-32843
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
HyperKit versions 0.20210107 and prior
Description
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In the affected versions,
virtio.c has a call to vc cfgread that does not check for null, which can cause the host to crash when called. This issue may lead to a guest crashing the host, resulting in a denial of service.Recommendations
For HyperKit versions 0.20210107 and prior, update to a version that includes the fix committed in df0e46c7dbfd81a957d85e449ba41b52f6f7beb4 to resolve the issue. As a temporary workaround, consider restricting access to the
virtio.c file or disabling the vc cfgread function to minimize the risk of exploitation.Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyperkit