How severe is CVE-2021-32845?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2021-32845?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2021-32845 - HIGH Severity | CVSS 7.8

Vulnerability Description

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.

Related Vulnerabilities

CVE-2009-2692

HIGH

CVSS:7.8(High)

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL...

CWE-9082009

CVE-2018-15911

HIGH

CVSS:7.8(High)

In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execu...

CWE-9082018

CVE-2018-3975

HIGH

CVSS:7.8(High)

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack a...

CWE-9082018

CVE-2019-14079

HIGH

CVSS:7.8(High)

Access to the uninitialized variable when the driver tries to unmap the dma buffer of a request which was never mapped in the first place leading to kernel failure in Snapdragon Auto, Snapdragon Compu...

CWE-9082019

CVE-2019-1462

HIGH

CVSS:7.8(High)

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerabilit...

CWE-9082019

CVE-2020-16931

HIGH

CVSS:7.8(High)

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could...

CWE-9082020