本页列出影响 linux acrn 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2021-36148 | An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. | [email protected] | 7.8 | 0.21% | 2021-07-02 | 2024-11-21 |
| CVE-2021-36147 | An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. | [email protected] | 7.5 | 0.43% | 2021-07-02 | 2024-11-21 |
| CVE-2021-36146 | ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. | [email protected] | 7.5 | 0.24% | 2021-07-02 | 2024-11-21 |
| CVE-2021-36145 | The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. | [email protected] | 7.5 | 0.39% | 2021-07-02 | 2024-11-21 |
| CVE-2021-36144 | The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. | [email protected] | 7.5 | 0.39% | 2021-07-02 | 2024-11-21 |
| CVE-2021-36143 | ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. | [email protected] | 7.5 | 0.43% | 2021-07-02 | 2024-11-21 |
| CVE-2019-18844 | The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1. | [email protected] | 7.5 | 0.54% | 2019-11-13 | 2024-11-21 |