Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-32847

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

Published

2023-02-20T17:15:11.857

Last Modified

2024-11-21T06:07:52.487

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

Weaknesses

Type: Secondary
CWE-125
Type: Primary
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mobyproject	hyperkit	≤ 0.20210107	Yes

References

https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_block.c#L316 Exploit, Product ([email protected])
https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f Patch ([email protected])
https://securitylab.github.com/advisories/GHSL-2021-058-moby-hyperkit/ Exploit, Third Party Advisory ([email protected])
https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_block.c#L316 Exploit, Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f Patch (af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2021-058-moby-hyperkit/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)