| Vulnerability Name: | CVE-2021-4032 (CCN-217997) | ||||||||||||
| Assigned: | 2021-10-18 | ||||||||||||
| Published: | 2021-10-18 | ||||||||||||
| Updated: | 2022-01-28 | ||||||||||||
| Summary: | A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7. | ||||||||||||
| CVSS v3 Severity: | 4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) 3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-459 | ||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-4032 Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=2027403 Source: XF Type: UNKNOWN linux-kernel-cve20214032-dos(217997) Source: CCN Type: Linux Kernel GIT Repository Revert KVM: x86: Open code necessary bits of kvm_lapic_set_base() at vCPU RESET Source: MISC Type: Exploit, Patch, Third Party Advisory https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee Source: MISC Type: Exploit, Third Party Advisory https://lkml.org/lkml/2021/9/8/587 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||