Buffer Overflow Vulnerability in ACRN Hypervisor from ACRN Project
CVE-2021-36148

7.8HIGH

Key Information:

Vendor: Linux
Status: Acrn
Vendor: CVE Published:; 2 July 2021

What is CVE-2021-36148?

A buffer overflow vulnerability was discovered in the ACRN Hypervisor prior to version 2.5. This vulnerability resides in the dmar_free_irte function located in the hypervisor's x86 virtual device translation (vtd) component. An improperly managed irte_alloc_bitmap can lead to potential exploitation, allowing attackers to overwrite memory boundaries. This could result in unexpected behavior or unauthorized access, thus posing a significant security risk to systems utilizing this hypervisor.

References

https://github.com/projectacrn/acrn-hypervisor/commit/25c...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2021
Vulnerability Reserved
Jul 2, 2021

Linux

What is CVE-2021-36148?

References

CVSS V3.1

Timeline