Mobyproject Hyperkit
By the Year
In 2024 there have been 0 vulnerabilities in Mobyproject Hyperkit . Last year Hyperkit had 5 security vulnerabilities published. Right now, Hyperkit is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 5 | 6.62 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Hyperkit vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mobyproject Hyperkit Security Vulnerabilities
HyperKit is a toolkit for embedding hypervisor capabilities in an application
CVE-2021-32847
6.5 - Medium
- February 20, 2023
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.
Out-of-bounds Read
HyperKit is a toolkit for embedding hypervisor capabilities in an application
CVE-2021-32846
7.8 - High
- February 17, 2023
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.
Improper Check for Unusual or Exceptional Conditions
HyperKit is a toolkit for embedding hypervisor capabilities in an application
CVE-2021-32845
7.8 - High
- February 17, 2023
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.
Unchecked Return Value
HyperKit is a toolkit for embedding hypervisor capabilities in an application
CVE-2021-32844
5.5 - Medium
- February 17, 2023
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13.
NULL Pointer Dereference
HyperKit is a toolkit for embedding hypervisor capabilities in an application
CVE-2021-32843
5.5 - Medium
- February 17, 2023
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4.
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Mobyproject Hyperkit or by Mobyproject? Click the Watch button to subscribe.
