CVE-2023-30612 — Missing Authentication for Critical Function in Cloud-hypervisor

CWE-306 — Missing Authentication for Critical Function CWE-416 — Use After Free2 documents2 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 43.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloud-hypervisor Cloudhypervisor Cloud Hypervisor Msrc Cbl2 Cloud-hypervisor 31.1-1 ON CBL Mariner 2.0 +2 more

Timeline

Latest updateApr 11

PublishedApr 19

Description

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted v…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages5 packages

▶NVDcloudhypervisor/cloud_hypervisor30.0, 31.1+1

▶CVEListV5cloud-hypervisor/cloud-hypervisor>= 30.0, < 30.1, >= 31.0, < 31.1+1

▶msrcmsrc/cbl2_cloud-hypervisor_31.1-1_on_cbl_mariner_2.0

▶msrcmsrc/cbl_mariner_2.0_arm

▶msrcmsrc/cbl_mariner_2.0_x64

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

📋Vendor Advisories

Microsoft

Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor↗2023-04-11

▶