Linux Acrn vulnerabilities

7 known vulnerabilities affecting linux/acrn.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH7

Vulnerabilities

Page 1 of 1
CVE-2021-36144HIGHCVSS 7.5fixed in 2.52021-07-02
CVE-2021-36144 [HIGH] CWE-416 CVE-2021-36144: The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c.
nvd
CVE-2021-36145HIGHCVSS 7.5≤ 2.52021-07-02
CVE-2021-36145 [HIGH] CWE-416 CVE-2021-36145: The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entr The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry.
nvd
CVE-2021-36146HIGHCVSS 7.5fixed in 2.52021-07-02
CVE-2021-36146 [HIGH] CWE-476 CVE-2021-36146: ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.
nvd
CVE-2021-36148HIGHCVSS 7.8fixed in 2.52021-07-02
CVE-2021-36148 [HIGH] CWE-120 CVE-2021-36148: An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an ir An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow.
nvd
CVE-2021-36143HIGHCVSS 7.5fixed in 2.52021-07-02
CVE-2021-36143 [HIGH] CWE-476 CVE-2021-36143: ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference.
nvd
CVE-2021-36147HIGHCVSS 7.5fixed in 2.52021-07-02
CVE-2021-36147 [HIGH] CWE-476 CVE-2021-36147: An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virti An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used.
nvd
CVE-2019-18844HIGHCVSS 7.5fixed in 2019w25.5-140000p2019-11-13
CVE-2019-18844 [HIGH] CWE-617 CVE-2019-18844: The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core. The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e6534
nvd