PT-2023-12178 · Hyperkit · Hyperkit

Agustin Gianni · Published 2023-02-17 · Updated 2023-02-28 · CVE-2021-32844

CVSS v3.1: 6.2 Medium

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: HyperKit versions 0.20210107 and prior

Description: HyperKit is a toolkit for embedding hypervisor capabilities in an application. In `vi_pci_write`, a call to `vc_cfgwrite` is made without checking for null, which can cause the host to crash when called. This may lead to a guest crashing the host, resulting in a denial of service.

Recommendations: For HyperKit versions 0.20210107 and prior, update to a version that includes the fix committed in 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13 to resolve the issue. As a temporary workaround, consider restricting access to the `vi_pci_write` function to minimize the risk of exploitation.
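
The class of fix described above, as an added C sketch that is not HyperKit's code: a guest-triggered config write is dispatched through an optional callback, and the dispatcher checks the callback for null and validates the guest-supplied offset and size before the indirect call. It assumes the callee is an optional function pointer in a per-device ops table; `dev_ops`, `blk_softc`, `cfg_write_dispatch` and the two sample devices are hypothetical names constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-device ops table; a device model may leave cfgwrite NULL. */
struct dev_ops {
    const char *name;
    size_t cfgsize;   /* bytes of device-specific config space */
    int (*cfgwrite)(void *sc, int off, int size, uint32_t val);
};

struct blk_softc { uint8_t cfg[16]; };   /* constructed sample device state */

static int blk_cfgwrite(void *sc, int off, int size, uint32_t val)
{
    struct blk_softc *b = sc;
    memcpy(b->cfg + off, &val, (size_t)size);   /* bounds checked by caller */
    return 0;
}

/* Constructed devices: one implements config writes, one does not. */
static const struct dev_ops blk_ops = { "blk", 16, blk_cfgwrite };
static const struct dev_ops rnd_ops = { "rnd", 4, NULL };

/* Guest-controlled arguments are validated and the optional callback is
 * checked before the indirect call, so a device without cfgwrite produces
 * an error for the guest instead of a null dereference on the host. */
int cfg_write_dispatch(const struct dev_ops *ops, void *sc, int off, int size,
                       uint32_t val)
{
    if (ops == NULL)
        return -EINVAL;
    if (ops->cfgwrite == NULL)          /* the null check the advisory refers to */
        return -ENOTSUP;
    if (size != 1 && size != 2 && size != 4)
        return -EINVAL;
    if (off < 0 || off % size != 0 || (size_t)off + (size_t)size > ops->cfgsize)
        return -ERANGE;
    return ops->cfgwrite(sc, off, size, val);
}

int main(void)
{
    struct blk_softc sc = { {0} };
    printf("blk: %d\n", cfg_write_dispatch(&blk_ops, &sc, 4, 4, 0x5a5a5a5a));
    printf("rnd: %d\n", cfg_write_dispatch(&rnd_ops, NULL, 0, 4, 1));
    return 0;
}
```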

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2021-32844

Affected Products

Hyperkit