CVE-2021-31422

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-367
View all →

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12527.

Related Vulnerabilities

CVE-2019-7347

HIGH
CVSS:7.5(High)

A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a no...

CWE-3672019

CVE-2020-14674

HIGH
CVSS:7.5(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult t...

CWE-3672020

CVE-2020-14675

HIGH
CVSS:7.5(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult t...

CWE-3672020

CVE-2020-14677

HIGH
CVSS:7.5(High)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult t...

CWE-3672020

CVE-2021-20181

HIGH
CVSS:7.5(High)

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating thei...

CWE-3672021

CVE-2021-22043

HIGH
CVSS:7.5(High)

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escala...

CWE-3672021