← Volver a CVEs

CVE-2021-32847

HIGH

7.1

Descripcion

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

Detalles CVE

Puntuacion CVSS v3.17.1

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado2/20/2023

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

mobyproject:hyperkit

Debilidades (CWE)

CWE-125CWE-125

Referencias

https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_block.c#L316(security-advisories@github.com)

https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f(security-advisories@github.com)

https://securitylab.github.com/advisories/GHSL-2021-058-moby-hyperkit/(security-advisories@github.com)

https://github.com/moby/hyperkit/blob/2f061e447e1435cdf1b9eda364cea6414f2c606b/src/lib/pci_virtio_block.c#L316(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f(af854a3a-2127-422b-91ae-364da2661108)

https://securitylab.github.com/advisories/GHSL-2021-058-moby-hyperkit/(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.