CVE-2021-4095
MEDIUMLinux Kernel < 5.17-rc1 - Denial of Service via KVM Dirty Ring Logging
Title source: llmDescription
A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.
References (4)
Core 4
Core References
Exploit, Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/17/1
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2031194
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/
Scores
CVSS v3
5.5
EPSS
0.0011
EPSS Percentile
29.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (3)
fedoraproject/fedora
34
fedoraproject/fedora
35
linux/linux_kernel
< 5.16
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026