PT-2021-4981 · Linux+9 · Linux Kernel+9

John Paul Adrian Glaubitz

+1

·

Published

2020-01-27

·

Updated

2024-06-25

·

CVE-2021-43056

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.15
Description The issue is related to an implementation bug in the arch/powerpc/kvm/book3s hv rmhandlers.S file, specifically in the handling of the SRR1 register values. This bug allows a malicious KVM guest to crash the host when it is running on Power8. The vulnerability is due to the lack of checking of returned data when processing SRR1 values.
Recommendations For versions prior to 5.14.15, update to version 5.14.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM guest functionality to minimize the risk of exploitation.

Fix

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

ALSA-2022:1988
ALT-PU-2020-1104
ALT-PU-2020-1113
ALT-PU-2020-1122
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1714
BDU:2021-05741
CESA-2022_1988
CVE-2021-43056
OPENSUSE-SU-2021:1477-1
OPENSUSE-SU-2021:3641-1
OPENSUSE-SU-2021:3675-1
OPENSUSE-SU-2021_1460-1
OPENSUSE-SU-2021_1477-1
OPENSUSE-SU-2021_3641-1
OPENSUSE-SU-2021_3655-1
OPENSUSE-SU-2021_3675-1
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
RHSA-2022:1988
RHSA-2022_1988
RLSA-2022:1988
SUSE-SU-2021:3640-1
SUSE-SU-2021:3641-1
SUSE-SU-2021:3642-1
SUSE-SU-2021:3658-1
SUSE-SU-2021:3675-1
SUSE-SU-2021:3754-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
USN-5139-1
USN-5165-1
USN-5208-1
USN-5210-1
USN-5210-2
USN-5218-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu