CVE-2021-32847 HIGH

CVE-2021-32847: Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx

Vendor Moby
Product hyperkit
Weakness CWE-125
Published February 20, 2023
Last update March 10, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver, which may lead to the disclosure of host memory to the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

Key dates

02 Disclosure timeline

February 20, 2023 CVE published
March 10, 2025 Record updated