7.1

CVE-2021-47255

In the Linux kernel, the following vulnerability has been resolved:

kvm: LAPIC: Restore guard to prevent illegal APIC register access

Per the SDM, "any access that touches bytes 4 through 15 of an APIC
register may cause undefined behavior and must not be executed."
Worse, such an access in kvm_lapic_reg_read can result in a leak of
kernel stack contents. Prior to commit 01402cf81051 ("kvm: LAPIC:
write down valid APIC registers"), such an access was explicitly
disallowed. Restore the guard that was removed in that commit.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.3 < 5.4.128
LinuxLinux Kernel Version >= 5.5 < 5.10.46
LinuxLinux Kernel Version >= 5.11 < 5.12.13
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
LinuxLinux Kernel Version5.13 Updaterc4
LinuxLinux Kernel Version5.13 Updaterc5
LinuxLinux Kernel Version5.13 Updaterc6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.01% 0.009
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H