QwikSec

Security Database

CVE

CWE

Training

CVE-2021-4095

Published: Mar 8, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

Vendor	Product	Versions
n/a	kernel	affected `Linux kernel versions prior to 5.17-rc1`

Weaknesses (CWE)

References

[oss-security] 20220117 Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=2031194

x_refsource_MISC

FEDORA-2022-0816754490

vendor-advisory

x_refsource_FEDORA

FEDORA-2022-8efcea6e67

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.