CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.1 High
Confidence: High

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 39.5%

It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly perform reference counting in some situations,
leading to a use-after-free vulnerability. An attacker who could start and
control a VM could possibly use this to expose sensitive information or
execute arbitrary code. (CVE-2021-22543)

It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)

Alois Wohlschlager discovered that the overlay file system in the Linux
kernel did not restrict private clones in some situations. An attacker
could use this to expose sensitive information. (CVE-2021-3732)

Alexey Kardashevskiy discovered that the KVM implementation for PowerPC
systems in the Linux kernel did not properly validate RTAS arguments in
some situations. An attacker in a guest VM could use this to cause a denial
of service (host OS crash) or possibly execute arbitrary code.
(CVE-2021-37576)

It was discovered that the MAX-3421 host USB device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2021-38204)

It was discovered that the Xilinx 10/100 Ethernet Lite device driver in the
Linux kernel could report pointer addresses in some situations. An attacker
could use this information to ease the exploitation of another
vulnerability. (CVE-2021-38205)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1028-dell300x | < 4.15.0-1028.33 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1028-dell300x-dbgsym | < 4.15.0-1028.33 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1081-oracle | < 4.15.0-1081.89 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1081-oracle-dbgsym | < 4.15.0-1081.89 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1100-kvm | < 4.15.0-1100.102 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-buildinfo-4.15.0-1100-kvm | < 4.15.0-1100.102 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-headers-4.15.0-1100-kvm | < 4.15.0-1100.102 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-image-4.15.0-1100-kvm-dbgsym | < 4.15.0-1100.102 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-kvm-headers-4.15.0-1100 | < 4.15.0-1100.102 | UNKNOWN |
Ubuntu | 18.04 | noarch | linux-kvm-tools-4.15.0-1100 | < 4.15.0-1100.102 | UNKNOWN |