Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify
CVE-2021-32845

7.7HIGH

Key Information:

Vendor: Moby
Status: Hyperkit
Vendor: CVE Published:; 17 February 2023

What is CVE-2021-32845?

In HyperKit versions 0.20210107 and earlier, a vulnerability exists related to the qnotify function in pci_vtrnd_notify. The failure to verify the return value of vq_getchain leads to an uninitialized struct iovec iov, which can be exploited by an attacker to read sensitive memory when a failure occurs in vq_getchain. This flaw may result in denial of service by crashing the host and could also potentially cause memory corruption, affecting the stability and security of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

hyperkit 0.20210107

References

https://securitylab.github.com/advisories/GHSL-2021-054_0...

https://github.com/moby/hyperkit/pull/313

https://github.com/moby/hyperkit/commit/41272a980197917df...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 17, 2023
Vulnerability Reserved
May 12, 2021

JSON

Moby

What is CVE-2021-32845?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.