Home > Vulnerability Database > CVE-2022-35867

Mend.io Vulnerability Database

CVE-2022-35867

Date: August 3, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056.

Language: C

Severity Score

6.7

Related Resources (3)

Url: https://www.zerodayinitiative.com/advisories/ZDI-22-949/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-35867

Url: https://www.mend.io/vulnerability-database/CVE-2022-35867

Severity Score

6.7

Weakness Type (CWE)

Stack-based Buffer Overflow

CWE-121

CVSS v3.1

Base Score:	6.7
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-35867

Date: August 3, 2022

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?