CVE-2021-45464

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kvmtool_project:kvmtool:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:32

Type Values Removed Values Added
References () https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c - Broken Link () https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c - Broken Link
References () https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a - Patch () https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a - Patch
References () https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/ - Patch () https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/ - Patch
References () https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ - Exploit, Third Party Advisory () https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ - Exploit, Third Party Advisory

26 Apr 2023, 14:46

Type Values Removed Values Added
References (MISC) https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c - (MISC) https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c - Broken Link
References (MISC) https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ - (MISC) https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ - Exploit, Third Party Advisory
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a - Patch
References (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/ - (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/ - Patch
CWE CWE-787
First Time Kvmtool Project
Kvmtool Project kvmtool
CPE cpe:2.3:a:kvmtool_project:kvmtool:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

15 Apr 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-15 23:15

Updated : 2025-02-06 16:15


NVD link : CVE-2021-45464

Mitre link : CVE-2021-45464

CVE.ORG link : CVE-2021-45464


JSON object : View

Products Affected

kvmtool_project

  • kvmtool
CWE
CWE-787

Out-of-bounds Write