CVE-2021-4032

MEDIUM Year: 2021
CVSS v3 Score
4.4
Medium
CVSS v2 Score
4.9
Medium
Weakness Type
CWE-459
View all →

Vulnerability Description

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.

Related Vulnerabilities

CVE-2021-4002

MEDIUM
CVSS:4.4(Medium)

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some...

CWE-4592021

CVE-2022-26074

MEDIUM
CVSS:4.4(Medium)

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via loca...

CWE-4592022

CVE-2022-46298

MEDIUM
CVSS:4.4(Medium)

Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

CWE-4592022

CVE-2023-31356

MEDIUM
CVSS:4.4(Medium)

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

CWE-4592023

CVE-2023-52617

MEDIUM
CVSS:4.4(Medium)

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held ope...

CWE-4592023

CVE-2018-17467

MEDIUM
CVSS:4.3(Medium)

Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML...

CWE-4592018