Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify
Vulnerability Description
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Vulnerability Type
对未经初始化资源的使用
Vulnerability Title
HyperKit 安全漏洞
Vulnerability Description
HyperKit是Moby开源的一个用于在应用程序中嵌入虚拟机监控程序功能的工具包。 HyperKit 0.20210107及之前版本存在安全漏洞,该漏洞源于`pci_vtrnd_notify` 中的 `qnotify` 无法检查 `vq_getchain` 的返回值,这导致 struct iovec iov未初始化并用于读取 `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` 中的内存,攻击者利用该漏洞可以使主机崩溃,导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A