cnvd - cnvd-2022-69199

cnvd-2022-69199

Vulnerability from cnvd

Title: Linux Kernel kvm_dirty_ring_get()函数拒绝服务漏洞

Description:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。

Linux Kernel kvm_dirty_ring_get()存在函数拒绝服务漏洞，该漏洞是由于在未创建vCPU的情况下，virt/kvm/dirty_ring.c中的kvm_dirty_ring（）函数存在NULL指针取消引用漏洞造成的。本地经过身份验证的攻击者可以利用此漏洞造成拒绝服务条件。

Severity: 低

Patch Name: Linux Kernel kvm_dirty_ring_get()函数拒绝服务漏洞的补丁

Patch Description:

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。

Linux Kernel kvm_dirty_ring_get()存在函数拒绝服务漏洞，该漏洞是由于在未创建vCPU的情况下，virt/kvm/dirty_ring.c中的kvm_dirty_ring（）函数存在NULL指针取消引用漏洞造成的。本地经过身份验证的攻击者可以利用此漏洞造成拒绝服务条件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://vigilance.fr/vulnerability/Linux-kernel-NULL-pointer-dereference-via-kvm-dirty-ring-get-37072

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-4095

Impacted products

Name
Linux Linux kernel <5.17-rc1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-4095",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-4095"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux Kernel kvm_dirty_ring_get()\u5b58\u5728\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u672a\u521b\u5efavCPU\u7684\u60c5\u51b5\u4e0b\uff0cvirt/kvm/dirty_ring.c\u4e2d\u7684kvm_dirty_ring\uff08\uff09\u51fd\u6570\u5b58\u5728NULL\u6307\u9488\u53d6\u6d88\u5f15\u7528\u6f0f\u6d1e\u9020\u6210\u7684\u3002\u672c\u5730\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://vigilance.fr/vulnerability/Linux-kernel-NULL-pointer-dereference-via-kvm-dirty-ring-get-37072",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-69199",
  "openTime": "2022-10-17",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel kvm_dirty_ring_get()\u5b58\u5728\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u5728\u672a\u521b\u5efavCPU\u7684\u60c5\u51b5\u4e0b\uff0cvirt/kvm/dirty_ring.c\u4e2d\u7684kvm_dirty_ring\uff08\uff09\u51fd\u6570\u5b58\u5728NULL\u6307\u9488\u53d6\u6d88\u5f15\u7528\u6f0f\u6d1e\u9020\u6210\u7684\u3002\u672c\u5730\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6761\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux Kernel kvm_dirty_ring_get()\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Linux kernel \u003c5.17-rc1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-4095",
  "serverity": "\u4f4e",
  "submitTime": "2021-12-24",
  "title": "Linux Kernel kvm_dirty_ring_get()\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2021-4095 (GCVE-0-2021-4095)

Vulnerability from cvelistv5

Published

2022-03-08 14:05

Modified

2024-08-03 17:16

Severity ?

CWE

CWE-476

Summary

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

References

▼	URL	Tags
	http://www.openwall.com/lists/oss-security/2022/01/17/1	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=2031194	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	kernel	Version: Linux kernel versions prior to 5.17-rc1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:03.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20220117 Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/01/17/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031194"
          },
          {
            "name": "FEDORA-2022-0816754490",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/"
          },
          {
            "name": "FEDORA-2022-8efcea6e67",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel versions prior to 5.17-rc1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference was found in the Linux kernel\u0027s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-24T21:06:11",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20220117 Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/01/17/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031194"
        },
        {
          "name": "FEDORA-2022-0816754490",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/"
        },
        {
          "name": "FEDORA-2022-8efcea6e67",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-4095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "kernel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Linux kernel versions prior to 5.17-rc1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL pointer dereference was found in the Linux kernel\u0027s KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20220117 Re: CVE-2021-4095: kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/01/17/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2031194",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031194"
            },
            {
              "name": "FEDORA-2022-0816754490",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/"
            },
            {
              "name": "FEDORA-2022-8efcea6e67",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4095",
    "datePublished": "2022-03-08T14:05:00",
    "dateReserved": "2021-12-10T00:00:00",
    "dateUpdated": "2024-08-03T17:16:03.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted