PT-2021-4246 · Kvm+10 · Kvm+10

David Stevens

+2

·

Published

2021-05-18

·

Updated

2025-03-11

·

CVE-2021-22543

CVSS v4.0

8.7

High

VectorAV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Name of the Vulnerable Software and Affected Versions Linux (affected versions not specified)
Description The issue is caused by improper handling of VM IO|VM PFNMAP vmas in KVM, which can bypass RO checks and lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory, resulting in local privilege escalation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2021:3057
ALT-PU-2021-2102
ALT-PU-2021-2103
ALT-PU-2021-2201
ALT-PU-2021-2207
ALT-PU-2021-2221
ALT-PU-2021-2370
ALT-PU-2021-2672
ALT-PU-2021-2677
ALT-PU-2021-2678
ALT-PU-2021-2737
ALT-PU-2021-2751
ALT-PU-2022-1240
BDU:2021-04854
CESA-2021_3044
CESA-2021_3057
CESA-2021_3088
CESA-2021_3801
CVE-2021-22543
DLA-2785-1
DLA-2843-1
GHSA-7WQ5-PHMQ-M584
MGASA-2021-0347
MGASA-2021-0348
OESA-2021-1366
OPENSUSE-SU-2021:1142-1
OPENSUSE-SU-2021:2645-1
OPENSUSE-SU-2021:2687-1
OPENSUSE-SU-2021:3876-1
OPENSUSE-SU-2021_1142-1
OPENSUSE-SU-2021_2645-1
OPENSUSE-SU-2021_2687-1
OPENSUSE-SU-2021_3876-1
RHSA-2021:3044
RHSA-2021:3057
RHSA-2021:3088
RHSA-2021:3173
RHSA-2021:3181
RHSA-2021:3235
RHSA-2021:3363
RHSA-2021:3375
RHSA-2021:3380
RHSA-2021:3725
RHSA-2021:3766
RHSA-2021:3767
RHSA-2021:3768
RHSA-2021:3801
RHSA-2021:3802
RHSA-2021:3812
RHSA-2021:3814
RHSA-2021:3943
RHSA-2021:3987
RHSA-2021:4000
RHSA-2021_3057
RHSA-2021_3088
RHSA-2021_3801
RHSA-2021_3802
RHSA-2022:5640
RHSA-2022_5640
RLSA-2021:3057
RLSA-2021:3088
SUSE-SU-2021:2643-1
SUSE-SU-2021:2644-1
SUSE-SU-2021:2645-1
SUSE-SU-2021:2646-1
SUSE-SU-2021:2647-1
SUSE-SU-2021:2678-1
SUSE-SU-2021:2687-1
SUSE-SU-2021:2695-1
SUSE-SU-2021:2746-1
SUSE-SU-2021:2756-1
SUSE-SU-2021:3876-1
SUSE-SU-2021:3969-1
SUSE-SU-2021:3972-1
SUSE-SU-2021_2695-1
SUSE-SU-2025:0834-1
SUSE-SU-2025_0834-1
USN-5070-1
USN-5071-1
USN-5071-2
USN-5071-3
USN-5094-1
USN-5094-2
USN-5106-1
USN-5120-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Kvm
Linux
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu