Vulnerability Details : CVE-2021-4095

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

Vulnerability category: Memory CorruptionDenial of service

Published 2022-03-10 17:44:54

Updated 2022-07-28 18:01:22

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-4095

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-4095

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:N/A:P	3.4	2.9	nvd@nist.gov
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-4095

CWE-476 NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Assigned by:
- nvd@nist.gov (Primary)
- secalert@redhat.com (Secondary)

References for CVE-2021-4095

https://bugzilla.redhat.com/show_bug.cgi?id=2031194

2031194 – (CVE-2021-4095) CVE-2021-4095 kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c
Exploit;Issue Tracking;Patch;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/

[SECURITY] Fedora 35 Update: kernel-5.17.4-200.fc35 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/17/1

oss-security - Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c
Exploit;Mailing List;Patch;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/

[SECURITY] Fedora 34 Update: kernel-tools-5.17.4-100.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

Products affected by CVE-2021-4095

Linux » Linux Kernel
Versions up to, including, (<=) 5.16
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Matching versions