{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Linux Kernel", "repo": "https://github.com/torvalds/linux", "vendor": "Linux Kernel", "versions": [{"lessThan": "f8be156be163a052a067306417cd0ff679068c97", "status": "affected", "version": "add6a0cd1c5ba51b201e1361b05a5df817083618", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "finder", "value": "David Stevens"}, {"lang": "en", "type": "finder", "value": "Kevin Hamacher"}, {"lang": "en", "type": "finder", "value": "Jann Horn"}], "datePublic": "2021-05-17T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.</p>"}], "value": "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-05-15T10:21:33.485Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"}, {"name": "[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/06/26/1"}, {"name": "FEDORA-2021-fe826f202e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/"}, {"name": "FEDORA-2021-95f2f1cfc7", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210708-0002/"}, {"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Improper memory handling in Linux KVM", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "DATE_PUBLIC": "2021-05-18T10:00:00.000Z", "ID": "CVE-2021-22543", "STATE": "PUBLIC", "TITLE": "Improper memory handling in Linux KVM"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "David Stevens"}, {"lang": "eng", "value": "Kevin Hamacher"}, {"lang": "eng", "value": "Jann Horn"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584", "refsource": "MISC", "url": "https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"}, {"name": "[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/06/26/1"}, {"name": "FEDORA-2021-fe826f202e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/"}, {"name": "FEDORA-2021-95f2f1cfc7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/"}, {"name": "https://security.netapp.com/advisory/ntap-20210708-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210708-0002/"}, {"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:14.043Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"}, {"name": "[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/06/26/1"}, {"name": "FEDORA-2021-fe826f202e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/"}, {"name": "FEDORA-2021-95f2f1cfc7", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210708-0002/"}, {"name": "[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"name": "[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2021-22543", "datePublished": "2021-05-26T10:30:10.775212Z", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-09-16T23:26:05.122Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2021-05-18:*:*:*:*:*:*:*", "matchCriteriaId": "432E3E22-ACD7-413C-AF97-4DFCFCECE467", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*", "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*", "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Linux: KVM mediante del manejo inapropiado de Los vmas VM_IO|VM_PFNMAP en KVM pueden omitir unas comprobaciones RO y puede conllevar a que las p\u00e1ginas sean liberadas mientras el VMM y el invitado a\u00fan pueden acceder a ellas. Esto permite a usuarios con la capacidad de iniciar y controlar una m\u00e1quina virtual leer y escribir p\u00e1ginas aleatorias de memoria y puede resultar en una escalada de privilegios local"}], "id": "CVE-2021-22543", "lastModified": "2024-05-29T20:15:09.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2021-05-26T11:15:08.623", "references": [{"source": "cve-coordination@google.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/06/26/1"}, {"source": "cve-coordination@google.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"}, {"source": "cve-coordination@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"}, {"source": "cve-coordination@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}, {"source": "cve-coordination@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/"}, {"source": "cve-coordination@google.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/"}, {"source": "cve-coordination@google.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210708-0002/"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5640", "cpe": "cpe:/o:redhat:rhel_els:6", "package": "kernel-0:2.6.32-754.48.1.el6", "product_name": "Red Hat Enterprise Linux 6 Extended Lifecycle Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2021:3802", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.45.1.rt56.1185.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3768", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3801", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.45.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3767", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.101.1.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3766", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.93.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3725", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-10-05T00:00:00Z"}, {"advisory": "RHSA-2021:3812", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.84.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3812", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.84.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3812", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.84.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3814", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3987", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:3987", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:3987", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:4000", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2021-10-26T00:00:00Z"}, {"advisory": "RHSA-2021:3088", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-305.12.1.rt7.84.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3044", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3057", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-305.12.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-08-10T00:00:00Z"}, {"advisory": "RHSA-2021:3173", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kernel-0:4.18.0-147.52.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-08-17T00:00:00Z"}, {"advisory": "RHSA-2021:3181", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-08-17T00:00:00Z"}, {"advisory": "RHSA-2021:3375", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.64.1.rt13.115.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:3363", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.64.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:3380", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-08-31T00:00:00Z"}, {"advisory": "RHSA-2021:3943", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.19-20211013.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2021-10-20T00:00:00Z"}, {"advisory": "RHSA-2021:3235", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.4.7-20210804.0.el8_4", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2021-08-19T00:00:00Z"}], "bugzilla": {"description": "kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks", "id": "1965461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965461"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-863", "details": ["An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.", "A flaw was found in the Linux kernel\u2019s KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible."}, "name": "CVE-2021-22543", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-22543\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22543\nhttps://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"], "statement": "Both Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 leverage udev to set the proper permissions (ugo=rw) of the `/dev/kvm` device, making it accessible to all users. It is worth noting that while the KVM rule is part of the main udev package in Red Hat Enterprise Linux 8, the same rule is shipped with the `qemu-kvm` package in Red Hat Enterprise Linux 7. In other words, Red Hat Enterprise Linux 7 does not expose `/dev/kvm` to unprivileged users by default, as long as the `qemu-kvm` package is not installed.", "threat_severity": "Important", "upstream_fix": "kernel 5.13"}