CVE-2021-47062

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a possible null-pointer dereference in the KVM subsystem of the Linux kernel. This occurs when using the created vcpus parameter instead of online vcpus to iterate over vCPUs when encrypting VMSAs for SEV. The created vcpus parameter does not guarantee that a vCPU exists, as it is updated at the beginning of KVM CREATE VCPU. This allows the bulk of vCPU creation to run in parallel while restricting the maximum number of vCPUs. The vulnerability may be exploited by a remote attacker to cause a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.