CVE-2021-32845

7.7 HIGH

📋 TL;DR

This vulnerability in HyperKit lets a malicious guest virtual machine crash HyperKit on the host, denying service to that VM, and under certain conditions corrupt memory in the host-side HyperKit process. The faulty code path is reached through the virtio-rnd device, so the attacker needs to run code inside a guest that has that device attached. HyperKit versions 0.20210107 and earlier are affected.

💻 Affected Systems

Products:
  • moby/hyperkit
Versions: 0.20210107 and prior
Operating Systems: macOS only (HyperKit runs on Apple's Hypervisor.framework)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems using HyperKit for virtualization, commonly in Docker Desktop for Mac

📦 What is this software?

HyperKit is a toolkit for embedding hypervisor capabilities in an application. It is derived from xhyve and bhyve and runs each virtual machine as an ordinary user-space process on top of macOS's Hypervisor.framework; Docker Desktop for Mac used it to run the Linux VM that hosts containers. Guest devices such as virtio-rnd are emulated inside that user-space process, which is why a guest-reachable bug in a device model endangers the host side.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Memory corruption in the host-side HyperKit process, the starting point for a guest-to-host escape: potential host compromise or data integrity issues

🟠

Likely Case

The HyperKit process serving the malicious guest crashes: denial of service for that VM and everything running in it (Docker Desktop for Mac runs all containers inside one HyperKit VM)

🟢

If Mitigated

Limited to denial of service if proper isolation controls are in place

🌐 Internet-Facing: LOW (HyperKit is typically used internally for virtualization)
🏢 Internal Only: HIGH (malicious guest VMs can exploit this vulnerability)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the attacker to already run code inside a guest VM that has the virtio-rnd device attached and to trigger the faulty code path from there; no host-side access or credentials are needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 41272a980197917df8e58ff90642d14dec8fe948 and later

Vendor Advisory: https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/

Restart Required: Yes

Instructions:

1. Update HyperKit to commit 41272a980197917df8e58ff90642d14dec8fe948 or later
2. Rebuild from source, or install a package or product build that includes the fix (Docker Desktop for Mac ships its own HyperKit binary, so update Docker Desktop there rather than a system-wide binary)
3. Restart every running HyperKit instance: a VM keeps executing the old code until its HyperKit process is restarted

🔧 Temporary Workarounds

Disable the virtio-rnd device

Applies to: all HyperKit deployments where you control the command line

Remove or disable the virtio-rnd device: it is the device whose code path contains the bug, and a guest with no such device cannot reach it.

Remove the '-s <slot>,virtio-rnd' argument (the page's example is '-s 0,virtio-rnd'; the slot number varies per deployment) from the HyperKit command line and restart the VM. Caveats: the guest loses the virtio-rnd entropy source, so confirm it still seeds its random number generator acceptably from other sources; and Docker Desktop for Mac builds the HyperKit command line itself, so this workaround is mainly useful for self-managed HyperKit launches.

🧯 If You Can't Patch

  • Isolate HyperKit hosts from critical production systems
  • Implement strict access controls for guest VM creation and management

🔍 How to Verify

Check if Vulnerable:

Run the HyperKit binary's version flag (the page's 'hyperkit --version'; HyperKit's xhyve-derived option set uses '-v' for the same purpose) and read the date-stamped version: 0.20210107 or older is vulnerable

Check Version:

hyperkit --version

Verify Fix Applied:

A fixed build reports a version stamp newer than 0.20210107; for a binary built from a source checkout, confirm that the checkout's HEAD contains commit 41272a980197917df8e58ff90642d14dec8fe948 (git's merge-base --is-ancestor answers this). A version of exactly 0.20210107 is still vulnerable: the fix landed after that tag.
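The version check above and the virtio-rnd workaround, as shell helpers. This is an added example, not HyperKit project code or anything from the advisory. It assumes HyperKit reports a date-stamped version of the form 0.YYYYMMDD (the format the page itself uses), that the fix is commit 41272a980197917df8e58ff90642d14dec8fe948, and that PCI slots are configured with xhyve-style '-s <slot>,<device>' arguments; the slot numbers in the demonstration are illustrative.

```shell
#!/bin/sh
# Added example (not HyperKit project code): shell helpers to audit a host for
# CVE-2021-32845. Assumptions: HyperKit reports a date-stamped version of the
# form 0.YYYYMMDD, the fix is commit 41272a980197917df8e58ff90642d14dec8fe948,
# and PCI slots are configured with xhyve-style "-s <slot>,<device>" arguments.

FIX_COMMIT=41272a980197917df8e58ff90642d14dec8fe948
LAST_VULNERABLE_STAMP=20210107

# hyperkit_version_vulnerable VERSION_STRING
# True (exit 0) when the 0.YYYYMMDD stamp in the string is 0.20210107 or older.
# Exits 2 when no stamp is found, so an unparseable string is never reported safe.
hyperkit_version_vulnerable() {
    stamp=$(printf '%s\n' "$1" | grep -o '0\.[0-9]\{8\}' | head -n 1 | cut -d. -f2)
    [ -n "$stamp" ] || return 2
    [ "$stamp" -le "$LAST_VULNERABLE_STAMP" ]
}

# checkout_has_fix REPO_DIR
# In a git checkout of moby/hyperkit, true when HEAD contains the fix commit.
checkout_has_fix() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD
}

# cmdline_has_virtio_rnd ARG...
# True when the argument list attaches a virtio-rnd device, either as
# "-s <slot>,virtio-rnd" (two arguments) or "-s<slot>,virtio-rnd" (one).
cmdline_has_virtio_rnd() {
    expect_slot=0
    for arg in "$@"; do
        if [ "$expect_slot" -eq 1 ]; then
            expect_slot=0
            case "$arg" in *,virtio-rnd*) return 0 ;; esac
        elif [ "$arg" = "-s" ]; then
            expect_slot=1
        else
            case "$arg" in -s*,virtio-rnd*) return 0 ;; esac
        fi
    done
    return 1
}

# strip_virtio_rnd ARG...
# Prints the argument list with every virtio-rnd slot removed (the workaround),
# on one line, space separated; every other argument is kept in order.
strip_virtio_rnd() {
    out=""
    pending_slot=0
    for arg in "$@"; do
        if [ "$pending_slot" -eq 1 ]; then
            pending_slot=0
            case "$arg" in *,virtio-rnd*) continue ;; esac
            out="$out -s $arg"
            continue
        fi
        case "$arg" in
            -s) pending_slot=1 ;;
            -s*,virtio-rnd*) ;;
            *) out="$out $arg" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Demonstration on a constructed command line (slot numbers are illustrative).
if hyperkit_version_vulnerable "hyperkit: v0.20210107"; then
    echo "0.20210107: vulnerable"
fi
if cmdline_has_virtio_rnd -A -s 0:0,hostbridge -s 7,virtio-rnd -s 31,lpc; then
    echo "virtio-rnd attached; without it: $(strip_virtio_rnd -A -s 0:0,hostbridge -s 7,virtio-rnd -s 31,lpc)"
fi
```

To audit a running VM, feed the live command line to the helpers: 'ps -o args= -p <pid>' prints it, and word-splitting that output (unquoted) gives the argument list. Keep the unparseable-version case as a distinct exit status so a wrapper script never treats "could not parse" as "not vulnerable".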

📡 Detection & Monitoring

Log Indicators:

  • Crash reports for the hyperkit process (on macOS, ReportCrash writes them under /Library/Logs/DiagnosticReports or the user's ~/Library/Logs/DiagnosticReports)
  • Abnormal termination of a hyperkit process (exit on a signal) while its guest was running, especially when it repeats for the same guest
  • Kernel panic logs related to virtualization

Network Indicators:

  • None specific to this bug: the trigger travels over the virtio-rnd device inside the host, not over the network, so network telemetry will not show the exploit itself; unusual VM-to-host communication patterns are at most contextual

SIEM Query:

process:hyperkit AND (event:crash OR event:termination)
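The log indicators above as runnable detection logic, as an added example that is not part of the page or of the HyperKit project. The sample lines are constructed for the example; their "timestamp host process[pid]: message" layout and the messages themselves are assumptions, not a captured macOS log, so adjust the patterns before pointing this at real output (for instance from 'log show --predicate' filtered on the hyperkit process, or the crash reports in DiagnosticReports).

```shell
#!/bin/sh
# Added example, not from the page or the HyperKit project: detection logic for
# the log indicators above, run offline over CONSTRUCTED sample lines. The
# "timestamp host process[pid]: message" layout and the messages are assumptions
# for the example, not a captured macOS log.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2021-03-01T10:14:55Z macbook hyperkit[4321]: virtio-rnd: attached at PCI slot 7
2021-03-01T10:15:02Z macbook ReportCrash[512]: Saved crash report for hyperkit[4321] version 0.20210107 to /Library/Logs/DiagnosticReports/hyperkit_2021-03-01-101502_macbook.crash
2021-03-01T10:15:03Z macbook launchd[1]: hyperkit[4321] exited abnormally: SIGSEGV
2021-03-01T10:15:40Z macbook ReportCrash[512]: Saved crash report for hyperkit[4399] version 0.20210107 to /Library/Logs/DiagnosticReports/hyperkit_2021-03-01-101540_macbook.crash
2021-03-01T10:16:10Z macbook kernel[0]: panic(cpu 2 caller 0xffffff8000abc123): hypervisor fault
2021-03-01T10:42:00Z macbook hyperkit[5000]: guest halted, exiting normally
2021-03-01T11:03:12Z macbook ReportCrash[512]: Saved crash report for hyperkit[5101] version 0.20210107 to /Library/Logs/DiagnosticReports/hyperkit_2021-03-01-110312_macbook.crash
EOF

# hyperkit_crash_lines LOGFILE
# Prints every line matching one of the page's indicators: a crash report saved
# for hyperkit, a hyperkit process that exited on a signal, or a kernel panic.
hyperkit_crash_lines() {
    grep -E 'crash report for hyperkit\[|hyperkit\[[0-9]+\] exited abnormally|kernel\[[0-9]+\]: panic' "$1"
}

# hyperkit_crash_count LOGFILE
# Prints the number of indicator lines (0 when there are none, without failing).
hyperkit_crash_count() {
    hyperkit_crash_lines "$1" | wc -l | tr -d ' '
}

# hyperkit_crash_bursts LOGFILE THRESHOLD
# Buckets indicator lines by minute (first 16 characters of the ISO-8601 stamp)
# and prints "minute count" for buckets at or above THRESHOLD, sorted. One crash
# may be an ordinary bug; several within a minute on the same host is the
# pattern a guest repeatedly triggering this denial of service would leave.
hyperkit_crash_bursts() {
    hyperkit_crash_lines "$1" | awk -v thr="$2" '
        { minute = substr($1, 1, 16); n[minute]++ }
        END { for (m in n) if (n[m] >= thr) print m, n[m] }' | sort
}

echo "indicator lines: $(hyperkit_crash_count "$SAMPLE_LOG")"
echo "bursts (at least 2 per minute):"
hyperkit_crash_bursts "$SAMPLE_LOG" 2
```

The burst function is the part worth keeping: a single hyperkit crash report is routine noise on a developer laptop, whereas three in one minute from the same host is what a guest hammering the vulnerable device would produce, and it is the condition to alert on.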

🔗 References

  • Vendor advisory (GitHub Security Lab, GHSL-2021-054_057): https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-32845
  • Source repository: https://github.com/moby/hyperkit
