CVE-2021-32844
https://notcve.org/view.php?id=CVE-2021-32844
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13. • https://github.com/moby/hyperkit/commit/451558fe8aaa8b24e02e34106e3bb9fe41d7ad13 https://github.com/moby/hyperkit/pull/313 https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit • CWE-476: NULL Pointer Dereference •
CVE-2021-32843
https://notcve.org/view.php?id=CVE-2021-32843
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. • https://github.com/moby/hyperkit/commit/df0e46c7dbfd81a957d85e449ba41b52f6f7beb4 https://github.com/moby/hyperkit/pull/313 https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit • CWE-476: NULL Pointer Dereference •
CVE-2021-32846 – Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx
https://notcve.org/view.php?id=CVE-2021-32846
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. • https://github.com/moby/hyperkit/commit/af5eba2360a7351c08dfd9767d9be863a50ebaba https://github.com/moby/hyperkit/pull/313 https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVE-2021-32845 – Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify
https://notcve.org/view.php?id=CVE-2021-32845
HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948. • https://github.com/moby/hyperkit/commit/41272a980197917df8e58ff90642d14dec8fe948 https://github.com/moby/hyperkit/pull/313 https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit • CWE-252: Unchecked Return Value CWE-908: Use of Uninitialized Resource •
CVE-2022-36109 – Moby vulnerability relating to supplementary group permissions
https://notcve.org/view.php?id=CVE-2022-36109
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. • https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 https://github.com/moby/moby/releases/tag/v20.10.18 https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ • CWE-863: Incorrect Authorization •