CVE-2021-4095 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 70.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +2 more

Timeline

PublishedMar 10

Latest updateMar 11

Description

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶Debianlinux/linux_kernel< 5.17.3-1+2

▶NVDlinux/linux_kernel5.16

▶CVEListV5linux/linux_kernelLinux kernel versions prior to 5.17-rc1

▶msrcmsrc/cbl2_kernel_5.15.37.1-2_on_cbl_mariner_2.0

▶msrcmsrc/cm1_kernel_5.10.102.1-3_on_cbl_mariner_1.0

Also affects: Fedora 34, 35

Patches

Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-p8x3-xpch-p28r: A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context↗2022-03-11

▶

OSV

CVE-2021-4095: A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context↗2022-03-10

▶

📋Vendor Advisories

Microsoft

▶

Red Hat

kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c↗2021-10-19

▶

Debian

CVE-2021-4095: linux - A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring l...↗2021

▶