Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify
CVE-2021-32845
7.7 HIGH
What is CVE-2021-32845?
In HyperKit versions 0.20210107 and earlier, a vulnerability exists related to the qnotify function in pci_vtrnd_notify. The failure to verify the return value of vq_getchain leads to an uninitialized struct iovec iov, which can be exploited by an attacker to read sensitive memory when a failure occurs in vq_getchain. This flaw may result in denial of service by crashing the host and could also potentially cause memory corruption, affecting the stability and security of the system.
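The defect pattern described above, as an added example in C that is not HyperKit's own code: a notify handler that ignores a chain-fetch helper's return value, next to a hardened form that checks it. The names mock_vq, mock_getchain, notify_unchecked and notify_checked are hypothetical, and the helper's contract (return -1 and leave iov unwritten on failure) is an assumption based on the description.

```c
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical stand-in for a virtqueue; not HyperKit's own structure. */
struct mock_vq { int fail; void *buf; size_t len; };

/* Stand-in for vq_getchain (assumed contract): on failure it returns -1
 * and leaves *iov unwritten, the condition the advisory describes. */
static int mock_getchain(struct mock_vq *vq, struct iovec *iov, int n_iov)
{
    if (vq->fail || n_iov < 1)
        return -1;
    iov[0].iov_base = vq->buf;
    iov[0].iov_len = vq->len;
    return 1;
}

/* Vulnerable shape: the return value is ignored, so after a failure iov
 * holds leftover stack contents and the copy uses them as pointer/length. */
static long notify_unchecked(struct mock_vq *vq, const void *src, size_t n)
{
    struct iovec iov;
    mock_getchain(vq, &iov, 1);
    size_t len = iov.iov_len < n ? iov.iov_len : n;
    memcpy(iov.iov_base, src, len);
    return (long)len;
}

/* Hardened shape: zero-initialise iov and refuse to use it unless the
 * helper reported at least one valid descriptor. */
static long notify_checked(struct mock_vq *vq, const void *src, size_t n)
{
    struct iovec iov = { 0 };
    if (mock_getchain(vq, &iov, 1) < 1 || iov.iov_base == NULL)
        return -1;
    size_t len = iov.iov_len < n ? iov.iov_len : n;
    memcpy(iov.iov_base, src, len);
    return (long)len;
}

int main(void)
{   /* Constructed sample data; the unchecked form runs on the success path only. */
    unsigned char guest[8] = { 0 }, rnd[4] = { 1, 2, 3, 4 };
    struct mock_vq ok = { 0, guest, sizeof guest }, bad = { 1, guest, sizeof guest };
    printf("unchecked ok=%ld\n", notify_unchecked(&ok, rnd, sizeof rnd));
    printf("checked ok=%ld bad=%ld\n", notify_checked(&ok, rnd, 4), notify_checked(&bad, rnd, 4));
    return 0;
}
```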
Affected Version(s)
hyperkit 0.20210107