CVE-2021-47062

2024-03-0105:01:55

redhat.com

access.redhat.com

linux kernel

vulnerability

online_vcpus

created_vcpus

vmsas

sev

null-pointer

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

A flaw was found in the Linux kernel’s Kernel-based virtual machine (KVM) subsystem for AMD’s Secure virtual machine (SVM). The issue occurs when using the created_vcpus list to iterate over vCPUs instead of the online_vcpus list, leading to a possible NULL pointer dereference. This vulnerability impacts the encryption of Virtual Machine Save Areas (VMSAs) for Secure Encrypted Virtualization (SEV).