CVE-2020-28346

7.5 HIGH

📋 TL;DR

CVE-2020-28346 is a NULL pointer dereference vulnerability in ACRN hypervisor's virtio.c PCI device model. This allows attackers to cause denial of service (hypervisor crash) by triggering the NULL pointer dereference. Affects ACRN hypervisor users running vulnerable versions.

💻 Affected Systems

Products:
  • ACRN Hypervisor
Versions: All versions through 2.2
Operating Systems: Linux-based systems running ACRN hypervisor
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker access to trigger the virtio device model vulnerability. Affects systems using ACRN for virtualization.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Hypervisor crash leading to complete loss of all virtual machines running on the affected host, requiring physical host reboot.

🟠 Likely Case: Denial of service affecting specific virtual machines or hypervisor functionality, potentially disrupting critical workloads.

🟢 If Mitigated: Limited impact with proper isolation and redundancy, though service interruption may still occur.

🌐 Internet-Facing: LOW - ACRN hypervisors are typically deployed in internal/edge environments, not directly internet-facing.
🏢 Internal Only: MEDIUM - While internal, successful exploitation can disrupt critical virtualization infrastructure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires access to trigger the virtio device model. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681 and later

Vendor Advisory: https://github.com/projectacrn/acrn-hypervisor/pull/5453

Restart Required: Yes

Instructions:

1. Update ACRN hypervisor to a version after commit ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681.
2. Rebuild and redeploy ACRN.
3. Reboot affected systems to load the patched hypervisor.

🔧 Temporary Workarounds

Disable vulnerable virtio devices

If specific virtio devices are not required, disable them to reduce the attack surface.

Modify ACRN configuration to remove or disable virtio devices in devicemodel/hw/pci/virtio/

🧯 If You Can't Patch

  • Isolate ACRN hypervisor systems from untrusted networks and users
  • Implement strict access controls to limit who can interact with virtio device models

🔍 How to Verify

Check if Vulnerable:

Check ACRN version: if running version 2.2 or earlier, system is vulnerable. Review commit history for presence of fix commit ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681.

Check Version:

acrn-dm --version or check ACRN source/build version information

Verify Fix Applied:

Verify ACRN build includes commit ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681 or later. Check that virtio.c has proper NULL pointer checks.
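
One way to run the commit check described above against the source checkout a build was made from, as an added example (not ACRN project code). `check_fix` and `report_fix` are hypothetical helper names, and the repository path is supplied by the caller; an "unknown" result covers shallow clones and backports where the fix commit hash is not present.

```shell
#!/bin/sh
# Added example: classify a local acrn-hypervisor checkout against the fix
# commit named in this advisory. Helper names are hypothetical.
FIX_COMMIT=ae0ab82434509d6e75f4a2f1e1a0dd2ee3dc3681

# check_fix REPO [REV] [COMMIT]
#   returns 0  fix commit is an ancestor of REV (history contains the fix)
#           1  fix commit exists locally but is not in REV's history
#           2  cannot decide: not a git repo, bad REV, or the commit object
#              is missing (shallow clone, or a backport with another hash)
check_fix() {
    repo=$1
    rev=${2:-HEAD}
    commit=${3:-$FIX_COMMIT}

    # Must be a git work tree or bare repo.
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2
    # The revision being checked must resolve to a commit.
    git -C "$repo" rev-parse --verify --quiet "$rev^{commit}" >/dev/null 2>&1 || return 2
    # The fix commit object must exist locally, otherwise ancestry is undecidable.
    git -C "$repo" cat-file -e "$commit^{commit}" 2>/dev/null || return 2

    if git -C "$repo" merge-base --is-ancestor "$commit" "$rev" 2>/dev/null; then
        return 0
    fi
    return 1
}

# report_fix REPO [REV] [COMMIT]: prints patched, vulnerable or unknown.
report_fix() {
    # Capture the status without tripping `set -e` in calling scripts.
    check_fix "$@" && rc=0 || rc=$?
    case $rc in
        0) echo "patched" ;;
        1) echo "vulnerable" ;;
        *) echo "unknown" ;;
    esac
}
```

Call it as `report_fix /path/to/acrn-hypervisor`, optionally followed by the tag or branch the deployed build came from. Treat "unknown" as unverified and inspect virtio.c in that tree directly.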

📡 Detection & Monitoring

Log Indicators:

  • Hypervisor crash logs
  • Kernel panic messages related to virtio
  • ACRN error logs mentioning NULL pointer dereference in virtio.c

Network Indicators:

  • Unusual virtio device communication patterns

SIEM Query:

Search for: 'virtio.c NULL pointer' OR 'ACRN crash' OR 'hypervisor panic' in system logs
