Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx
CVE-2021-32847
7.1 HIGH
Summary
HyperKit is a toolkit for embedding hypervisor capabilities within applications. In versions 0.20210107 and earlier, a malicious guest could exploit the disk driver, potentially allowing it to access the host's memory. This may lead to unauthorized disclosure of information from the host to the guest system. The issue has been addressed in a subsequent fix.
Affected Version(s)
hyperkit 0.20210107
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved