CVE-2021-32847

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32847

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32847.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32847

Published

2023-02-20T17:15:11.857Z

Modified

2025-11-14T11:56:51.608365Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior, a malicious guest can trigger a vulnerability in the host by abusing the disk driver that may lead to the disclosure of the host memory into the virtualized guest. This issue is fixed in commit cf60095a4d8c3cb2e182a14415467afd356e982f.

References

Affected packages

Git / github.com/moby/hyperkit

Affected ranges

Type: GIT
Repo: https://github.com/moby/hyperkit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cf60095a4d8c3cb2e182a14415467afd356e982f

Affected versions

v0.*

v0.20170214

v0.20170227

v0.20170425

v0.20170511

v0.20170519

v0.20170904

v0.20171020

v0.20171204

v0.20180123

v0.20180223

v0.20180403

v0.20180621

v0.20190201

v0.20190802

v0.20200224

v0.20200908

v0.20210107

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function",
        "digest": {
            "function_hash": "211594263407013010728782976838174057249",
            "length": 2203.0
        },
        "target": {
            "file": "src/lib/pci_virtio_block.c",
            "function": "pci_vtblk_proc"
        },
        "id": "CVE-2021-32847-33a2ab3c",
        "source": "https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "66336624619954675223392690425040697295",
                "9047546862656464640058411706248649179",
                "10498610056149185165050029727385673571",
                "85107401001624865239215709652180088083"
            ]
        },
        "target": {
            "file": "src/lib/pci_virtio_block.c"
        },
        "id": "CVE-2021-32847-ae3a0f92",
        "source": "https://github.com/moby/hyperkit/commit/cf60095a4d8c3cb2e182a14415467afd356e982f"
    }
]