CVE-2021-4095

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.17-rc1

Description A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM XEN HVM SET ATTR ioctl.

Recommendations For Linux kernel versions prior to 5.17-rc1, update to version 5.17-rc1 or later to resolve the issue. As a temporary workaround, consider disabling dirty ring logging when no active vCPU context is present to minimize the risk of exploitation. Restrict access to the KVM XEN HVM SET ATTR ioctl to prevent unprivileged local attackers from causing a denial of service.