CVE-2021-46907

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue is related to KVM: VMX, where vmx handle exit() uses vcpu->run->internal.ndata as an index for an array access. Since vcpu->run can be mapped to a user address space with writer permission, the ndata could be updated by a user process at any time, potentially setting it outside the bounds of the array. This makes it unsafe for vmx handle exit() to use ndata in this way.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.