CVE-2021-32847
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| moby | hyperkit | 0.20210107 <= 0.20210107 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
- https://securitylab.github.com/advisories/GHSL-2021-058-moby-hyperkit/
- https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_block.c#L316
- https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://securitylab.github.com/advisories/GHSL-2021-058-moby-hyperkit/
- https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_block.c#L316
- https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.