Home > Vulnerability Database > CVE-2021-4032

Mend.io Vulnerability Database

CVE-2021-4032

Date: January 21, 2022

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.

Severity Score

4.4

Related Resources (7)

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7d8a19f9a056a05c5c509fa65af472a322abfee

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4032

Url: https://access.redhat.com/security/cve/CVE-2021-4032

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2027403

Url: https://lkml.org/lkml/2021/9/8/587

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-4032

Url: https://www.mend.io/vulnerability-database/CVE-2021-4032

Severity Score

4.4

Weakness Type (CWE)

Incomplete Cleanup

CWE-459

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.9
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4032

Date: January 21, 2022

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?