This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.
References
Link | Resource |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-22-949/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-22-949/ | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 07:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.zerodayinitiative.com/advisories/ZDI-22-949/ - Third Party Advisory, VDB Entry |
09 Aug 2022, 17:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CPE | cpe:2.3:a:xhyve_project:xhyve:0.2.0:*:*:*:*:*:*:* | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-22-949/ - Third Party Advisory, VDB Entry |
03 Aug 2022, 16:27
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-03 16:15
Updated : 2024-11-21 07:11
NVD link : CVE-2022-35867
Mitre link : CVE-2022-35867
CVE.ORG link : CVE-2022-35867
JSON object : View
Products Affected
xhyve_project
- xhyve
CWE
CWE-121
Stack-based Buffer Overflow