Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx
CVE-2021-32846
7.7 HIGH
What is CVE-2021-32846?
In HyperKit versions prior to a patch, a flaw in the virtio-sock functionality can lead to the use of uninitialized memory. Specifically, the function pci_vtsock_proc_tx inadequately checks a return value, so a negative value returned when an unrecoverable error occurs is not caught. This oversight may crash the host, enabling denial-of-service attacks, and poses a risk of memory corruption in operations that expect only non-negative values. Moby's focus on security led to the resolution of this issue in an update.
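The bug class described above, as an added C sketch that is not HyperKit's code: every name here (get_chain, MAXSEGS, struct seg, the two callers) is hypothetical, and it assumes the inadequate check is an upper-bound-only comparison. The buffer is pre-filled with a constructed poison byte to stand in for stale stack contents so the result is deterministic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAXSEGS 4      /* hypothetical segment limit */
#define POISON  0xA5   /* constructed stand-in for stale memory */

struct seg { size_t len; };

/* Hypothetical chain reader: fills segs[] and returns the segment count,
 * or -1 on an unrecoverable error, leaving segs[] untouched. */
static int get_chain(int fail, struct seg *segs)
{
    if (fail)
        return -1;
    segs[0].len = 16;
    segs[1].len = 32;
    return 2;
}

/* Before: only the upper bound is checked. -1 <= MAXSEGS, so the error
 * return is accepted and segs[0] is read although it was never written. */
static int first_len_unchecked(int fail, size_t *out)
{
    struct seg segs[MAXSEGS];
    memset(segs, POISON, sizeof segs);
    int n = get_chain(fail, segs);
    if (n > MAXSEGS)
        return -1;
    *out = segs[0].len;
    return 0;
}

/* After: negative and empty results are rejected before segs[] is used. */
static int first_len_checked(int fail, size_t *out)
{
    struct seg segs[MAXSEGS];
    memset(segs, POISON, sizeof segs);
    int n = get_chain(fail, segs);
    if (n < 1 || n > MAXSEGS)
        return -1;
    *out = segs[0].len;
    return 0;
}

int main(void)
{
    size_t v = 0;
    int rc = first_len_unchecked(1, &v);
    printf("unchecked: rc=%d len=%#zx\n", rc, v);
    printf("checked:   rc=%d\n", first_len_checked(1, &v));
    return 0;
}
```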
Affected Version(s)
hyperkit 0.20210107