4.9
CVE-2021-4032
- EPSS 0.05%
- Published 21.01.2022 19:15:09
- Last modified 21.11.2024 06:36:45
- Source secalert@redhat.com
A vulnerability was found in the Linux kernel's KVM subsystem, in kvm_free_lapic in arch/x86/kvm/lapic.c, when an allocation failure was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happen during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.
Data is provided by the National Vulnerability Database (NVD)
	Linux ≫ Linux Kernel Version <= 5.14
	Linux ≫ Linux Kernel Version 5.15 Update -
	Linux ≫ Linux Kernel Version 5.15 Update rc1
	Linux ≫ Linux Kernel Version 5.15 Update rc2
	Linux ≫ Linux Kernel Version 5.15 Update rc3
	Linux ≫ Linux Kernel Version 5.15 Update rc4
	Linux ≫ Linux Kernel Version 5.15 Update rc5
	Linux ≫ Linux Kernel Version 5.15 Update rc6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.139 |

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 4.9 | 3.9 | 6.9 | AV:L/AC:L/Au:N/C:N/I:N/A:C |
CWE-459 Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.