Denial of Service Vulnerability in HyperKit by Moby
CVE-2021-32844

6.2MEDIUM

Key Information:

Vendor
Moby
Status
Hyperkit
Vendor
CVE Published:
17 February 2023

Summary

HyperKit, a toolkit for embedding hypervisor capabilities, is susceptible to a notable vulnerability in its vi_pci_write function that fails to validate null pointers. This oversight can lead to severe stability issues, causing the host machine to crash when a guest attempts to perform certain operations. As a result, this can effectively create a denial of service condition for users relying on HyperKit's functionality. To mitigate this issue, users should upgrade to the patched version as indicated in the latest commits.

Affected Version(s)

hyperkit 0.20210107

References

https://securitylab.github.com/advisories/GHSL-2021-054_0...
https://github.com/moby/hyperkit/pull/313
https://github.com/moby/hyperkit/commit/451558fe8aaa8b24e...

CVSS V3.1

Score:
6.2
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-32844 : Denial of Service Vulnerability in HyperKit by Moby | SecurityVulnerability.io