CVE-2021-4032
MEDIUMLinux Kernel < 5.15 rc7 - Denial of Service in KVM VCPU Construction
Title source: llmDescription
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.
References (3)
Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2027403
Exploit, Patch, Third Party Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee
Exploit, Third Party Advisory x_refsource_misc
https://lkml.org/lkml/2021/9/8/587
Scores
CVSS v3
4.4
EPSS
0.0039
EPSS Percentile
30.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-459
Status
published
Products (2)
linux/linux_kernel
5.15 (7 CPE variants)
linux/linux_kernel
< 5.14
Published
Jan 21, 2022
Tracked Since
Feb 18, 2026