PT-2023-12179 · Hyperkit · Hyperkit

Agustin Gianni · Published 2023-02-17 · Updated 2023-06-26 · CVE-2021-32845

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: HyperKit versions 0.20210107 and prior

Description: HyperKit is a toolkit for embedding hypervisor capabilities in an application. The qnotify implementation in pci_vtrnd_notify does not check the return value of vq_getchain. When vq_getchain fails, the local variable `struct iovec iov;` is left uninitialized, and its contents are then used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);`. An attacker who is able to make vq_getchain fail can therefore cause the host to read through an indeterminate pointer and length. This issue may allow a guest to crash the host, causing a denial of service, and under certain circumstances may lead to memory corruption.

Recommendations: For HyperKit versions 0.20210107 and prior, update to a version that includes the fix from commit 41272a980197917df8e58ff90642d14dec8fe948. As a temporary workaround, consider restricting access to the pci_vtrnd_notify function to minimize the risk of exploitation. Additionally, avoid using the vq_getchain function in a way that could cause it to fail, as this could lead to the uninitialized `struct iovec iov;` being used.
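The following is an added, self-contained C example, not HyperKit's code, that models the two handler shapes the advisory contrasts: one that drops the return value of the chain lookup and reads through an uninitialized `struct iovec`, and one that refuses to touch `iov` unless the lookup reported a descriptor. The virtqueue (`struct vqueue_model`), `model_vq_getchain`, and the `model_read` stand-in for `read(2)` are constructed here so the file runs offline; the real `vq_getchain` walks guest descriptors, but the only property the example relies on is the one the advisory states, namely that on failure it returns an error and leaves the caller's iovec untouched.

```c
/* Added example modelling the unchecked-return-value bug in this advisory and
 * the check that closes it. Not HyperKit's code: the queue, the chain lookup and
 * the read() stand-in are all constructed for this file. */
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/uio.h>   /* struct iovec */

/* Constructed virtqueue model: either a guest buffer chain is available or the
 * lookup must fail. That is enough to exercise both handler paths. */
struct vqueue_model {
    int has_chain;         /* 1: descriptor available, 0: getchain fails */
    uint8_t guest_buf[16]; /* stands in for the guest-supplied buffer */
};

/* Model of vq_getchain(): returns the descriptor count (1) on success and -1 on
 * failure, leaving *iov untouched on failure as the real function does. */
static int model_vq_getchain(struct vqueue_model *vq, struct iovec *iov)
{
    if (!vq->has_chain)
        return -1;
    iov->iov_base = vq->guest_buf;
    iov->iov_len = sizeof(vq->guest_buf);
    return 1;
}

/* Stand-in for read(2): only records that a read was issued and with what
 * length. It never dereferences the pointer, so the test can observe whether a
 * handler reaches the read at all without itself touching bad memory. */
static int g_read_calls;
static size_t g_last_read_len;
static ssize_t model_read(void *buf, size_t len)
{
    (void)buf;
    g_read_calls++;
    g_last_read_len = len;
    return (ssize_t)len;
}

/* Vulnerable shape, as the advisory describes it: the lookup result is ignored,
 * so when it fails `iov` is still indeterminate when the read consumes it. */
int notify_unchecked(struct vqueue_model *vq)
{
    struct iovec iov;               /* deliberately not initialized */
    model_vq_getchain(vq, &iov);    /* return value dropped */
    return (int)model_read(iov.iov_base, iov.iov_len);
}

/* Hardened shape: anything other than a positive descriptor count means "no
 * buffer", so bail out before `iov` is consulted. Zero-initialising `iov` is a
 * second line of defence so a later logic slip cannot hand a stale pointer and
 * length to the read. */
int notify_checked(struct vqueue_model *vq)
{
    struct iovec iov = { 0 };
    int n = model_vq_getchain(vq, &iov);
    if (n <= 0)
        return -1;                  /* nothing to fill; iov is never used */
    return (int)model_read(iov.iov_base, iov.iov_len);
}

/* Scenario helpers: run one handler against a queue in the given state and
 * report what happened, so results can be checked as return values. */
int reads_issued_unchecked(int has_chain)
{
    struct vqueue_model vq = { .has_chain = has_chain };
    g_read_calls = 0; g_last_read_len = 0;
    notify_unchecked(&vq);
    return g_read_calls;
}

int reads_issued_checked(int has_chain)
{
    struct vqueue_model vq = { .has_chain = has_chain };
    g_read_calls = 0; g_last_read_len = 0;
    notify_checked(&vq);
    return g_read_calls;
}

int checked_result(int has_chain)
{
    struct vqueue_model vq = { .has_chain = has_chain };
    g_read_calls = 0; g_last_read_len = 0;
    return notify_checked(&vq);
}

int main(void)
{
    printf("getchain fails: unchecked handler issued %d read(s), "
           "checked handler issued %d read(s) and returned %d\n",
           reads_issued_unchecked(0), reads_issued_checked(0), checked_result(0));
    printf("getchain succeeds: checked handler returned %d\n", checked_result(1));
    return 0;
}
```

The observable difference is the whole point of the advisory: with the lookup failing, the unchecked handler still issues a read with whatever happened to be on the stack, while the checked handler returns an error and never reaches the read. In a real device model the same check also needs to be paired with the matching `vq_relchain`/`vq_endchains` bookkeeping on the success path, which this model omits.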

Fix: commit 41272a980197917df8e58ff90642d14dec8fe948

Weakness Enumeration: Use of Uninitialized Resource; Unchecked Return Value

Related Identifiers: CVE-2021-32845

Affected Products: Hyperkit