CVE-2021-4032

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.

CVSS v3 4.4 MEDIUM
CVSS v2.0 4.9 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2027403	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee	Exploit Patch Third Party Advisory
https://lkml.org/lkml/2021/9/8/587	Exploit Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2027403	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee	Exploit Patch Third Party Advisory
https://lkml.org/lkml/2021/9/8/587	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.15:-::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc5::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc6::::::

History

21 Nov 2024, 06:36

Type	Values Removed	Values Added
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2027403 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2027403 - Issue Tracking, Patch, Third Party Advisory
References	~~() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee - Exploit, Patch, Third Party Advisory~~	() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee - Exploit, Patch, Third Party Advisory
References	~~() https://lkml.org/lkml/2021/9/8/587 - Exploit, Third Party Advisory~~	() https://lkml.org/lkml/2021/9/8/587 - Exploit, Third Party Advisory

Information

Published : 2022-01-21 19:15

Updated : 2024-11-21 06:36

NVD link : CVE-2021-4032

Mitre link : CVE-2021-4032

CVE.ORG link : CVE-2021-4032

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-459

Incomplete Cleanup

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2021-4032

4.4^/10

4.9^/10

Attach tags to `CVE-2021-4032`