CVE-2021-45464

Published: Apr 15, 2023

Modified: Feb 6, 2025

PUBLISHED

Description

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://cdn.discordapp.com/attachments/921419715170164776/921882173517230100/exploit.c

https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/log/

https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/

https://git.kernel.org/pub/scm/linux/kernel/git/will/kvmtool.git/commit/?id=39181fc6429f4e9e71473284940e35857b42772a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-45464

Description

Affected Products

References