Vulnerability Description
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 5.14 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2027403Issue TrackingPatchThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7ExploitPatchThird Party Advisory
- https://lkml.org/lkml/2021/9/8/587ExploitThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2027403Issue TrackingPatchThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7ExploitPatchThird Party Advisory
- https://lkml.org/lkml/2021/9/8/587ExploitThird Party Advisory
FAQ
What is CVE-2021-4032?
CVE-2021-4032 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to ...
How severe is CVE-2021-4032?
CVE-2021-4032 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4032?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.