Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-22543

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.

Published

2021-05-26T11:15:08.623

Last Modified

2024-11-21T05:50:18.270

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	2021-05-18	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	netapp	h410c_firmware	-	Yes
Hardware	netapp	h410c	-	No
Operating System	netapp	h300s_firmware	-	Yes
Hardware	netapp	h300s	-	No
Operating System	netapp	h500s_firmware	-	Yes
Hardware	netapp	h500s	-	No
Operating System	netapp	h700s_firmware	-	Yes
Hardware	netapp	h700s	-	No
Operating System	netapp	h300e_firmware	-	Yes
Hardware	netapp	h300e	-	No
Operating System	netapp	h500e_firmware	-	Yes
Hardware	netapp	h500e	-	No
Operating System	netapp	h700e_firmware	-	Yes
Hardware	netapp	h700e	-	No
Operating System	netapp	h410s_firmware	-	Yes
Hardware	netapp	h410s	-	No
Application	netapp	cloud_backup	-	Yes
Operating System	netapp	solidfire_baseboard_management_controller_firmware	-	Yes

References

http://www.openwall.com/lists/oss-security/2021/06/26/1 Mailing List ([email protected])
https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 Exploit, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ ([email protected])
https://security.netapp.com/advisory/ntap-20210708-0002/ Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/06/26/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210708-0002/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)