CVE-2021-4032

MEDIUM

Linux Kernel <5.15 rc7 - DoS

Title source: llm

Description

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2027403

[Exploit, Patch, Third Party Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee

[Exploit, Third Party Advisory] https://lkml.org/lkml/2021/9/8/587

Scores

CVSS v3 4.4

EPSS 0.0005

EPSS Percentile 14.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-459

Status published

Products (2)

linux/linux_kernel 5.15 (7 CPE variants)

linux/linux_kernel < 5.14

Published Jan 21, 2022

Tracked Since Feb 18, 2026