PT-2021-7295 · Linux+1 · Linux Kernel+1

Hao Sun · Published 2021-09-08 · Updated 2023-08-14 · CVE-2021-4032

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.15 rc7

Description

The issue is related to incomplete cleanup of temporary or auxiliary resources in the arch/x86/kvm/lapic.c component of the Kernel-based Virtual Machine (KVM) subsystem in the Linux kernel. This can lead to a denial of service: when an allocation failure is detected, the KVM subsystem crashes the kernel because memory errors are mishandled during VCPU construction. An attacker with special user privileges can exploit this to cause a denial of service.

Recommendations

For Linux kernel versions prior to 5.15 rc7, update to version 5.15 rc7 or later to resolve the issue.

Exploit

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2824
ALT-PU-2021-2926
ALT-PU-2021-3041
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
BDU:2022-05414
CVE-2021-4032

Affected Products

Alt Linux
Linux Kernel