CVE-2021-32843

Summary

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, virtio.c has is a call to vc_cfgread that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4.

Affected Software

VendorProductVersion RangeStatus
mobyhyperkit0.20210107 <= 0.20210107affected

Weaknesses

  • CWE-476: CWE-476 NULL Pointer Dereference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References