kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine.
References
Configurations
History
21 Nov 2024, 06:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c - Broken Link | |
References | () https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a - Patch | |
References | () https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/ - Patch | |
References | () https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ - Exploit, Third Party Advisory |
26 Apr 2023, 14:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
First Time |
Kvmtool Project
Kvmtool Project kvmtool |
|
CPE | cpe:2.3:a:kvmtool_project:kvmtool:-:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c - Broken Link | |
References | (MISC) https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ - Exploit, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a - Patch | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/ - Patch |
15 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-15 23:15
Updated : 2025-02-06 16:15
NVD link : CVE-2021-45464
Mitre link : CVE-2021-45464
CVE.ORG link : CVE-2021-45464
JSON object : View
Products Affected
kvmtool_project
- kvmtool
CWE
CWE-787
Out-of-bounds Write