PT-2023-1857 · Hyperkit · Hyperkit
Agustin Gianni
·
Published
2023-02-20
·
Updated
2023-03-01
·
CVE-2021-32847
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
HyperKit versions 0.20210107 and prior
Description
The issue is related to a buffer overflow in memory, which can be exploited by a malicious guest to gain unauthorized access to protected information. This is achieved by abusing the disk driver, potentially leading to the disclosure of the host memory into the virtualized guest.
Recommendations
For HyperKit versions 0.20210107 and prior, update to a version that includes the fix committed in cf60095a4d8c3cb2e182a14415467afd356e982f to resolve the issue. As a temporary workaround, consider restricting access to the disk driver to minimize the risk of exploitation.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hyperkit