CVE-2021-4095

2022-03-1000:00:00

ubuntu.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

A NULL pointer dereference was found in the Linux kernel’s KVM when dirty
ring logging is enabled without an active vCPU context. An unprivileged
local attacker on the host may use this flaw to cause a kernel oops
condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR
ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

Bugs

<https://bugzilla.redhat.com/show_bug.cgi?id=2031194>

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-azure-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-azure-fde< anyUNKNOWN
ubuntu20.04noarchlinux-azure-fde-5.15< anyUNKNOWN
ubuntu22.04noarchlinux-bluefield< anyUNKNOWN
ubuntu22.04noarchlinux-gcp< anyUNKNOWN
ubuntu20.04noarchlinux-gcp-5.15< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-azure-fde	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure-fde-5.15	< any	UNKNOWN
ubuntu	22.04	noarch	linux-bluefield	< any	UNKNOWN
ubuntu	22.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gcp-5.15	< any	UNKNOWN