Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2021-22543

Disclosure Date: May 18, 2021
CVE-2021-22543 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Linux Kernel f8be156be163a052a067306417cd0ff679068c97
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • fedoraproject,
  • linux,
  • netapp

Products

  • cloud backup -,
  • debian linux 9.0,
  • fedora 33,
  • fedora 34,
  • h300e firmware -,
  • h300s firmware -,
  • h410c firmware -,
  • h410s firmware -,
  • h500e firmware -,
  • h500s firmware -,
  • h700e firmware -,
  • h700s firmware -,
  • linux kernel 2021-05-18,
  • solidfire baseboard management controller firmware -

References

Canonical
CVE-2021-22543 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22543)
Advisory
[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE (http://www.openwall.com/lists/oss-security/2021/05/26/4)
[oss-security] 20210526 CVE-2021-22543 - /dev/kvm LPE (http://www.openwall.com/lists/oss-security/2021/05/26/3)
[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE (http://www.openwall.com/lists/oss-security/2021/05/26/5)
[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE (http://www.openwall.com/lists/oss-security/2021/06/26/1)
FEDORA-2021-fe826f202e (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/)
FEDORA-2021-95f2f1cfc7 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/)
https://security.netapp.com/advisory/ntap-20210708-0002/
[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update (https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html)
[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update (https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html)
Miscellaneous
https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis