First published: Tue May 18 2021(Updated: )
A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <0:2.6.32-754.48.1.el6 | 0:2.6.32-754.48.1.el6 |
redhat/kernel-rt | <0:3.10.0-1160.45.1.rt56.1185.el7 | 0:3.10.0-1160.45.1.rt56.1185.el7 |
redhat/kernel | <0:3.10.0-1160.45.1.el7 | 0:3.10.0-1160.45.1.el7 |
redhat/kernel | <0:3.10.0-327.101.1.el7 | 0:3.10.0-327.101.1.el7 |
redhat/kernel | <0:3.10.0-514.93.1.el7 | 0:3.10.0-514.93.1.el7 |
redhat/kernel | <0:3.10.0-693.94.1.el7 | 0:3.10.0-693.94.1.el7 |
redhat/kernel | <0:3.10.0-957.84.1.el7 | 0:3.10.0-957.84.1.el7 |
redhat/kernel | <0:3.10.0-1062.59.1.el7 | 0:3.10.0-1062.59.1.el7 |
redhat/kernel-rt | <0:4.18.0-305.12.1.rt7.84.el8_4 | 0:4.18.0-305.12.1.rt7.84.el8_4 |
redhat/kernel | <0:4.18.0-305.12.1.el8_4 | 0:4.18.0-305.12.1.el8_4 |
redhat/kernel | <0:4.18.0-147.52.1.el8_1 | 0:4.18.0-147.52.1.el8_1 |
redhat/kernel-rt | <0:4.18.0-193.64.1.rt13.115.el8_2 | 0:4.18.0-193.64.1.rt13.115.el8_2 |
redhat/kernel | <0:4.18.0-193.64.1.el8_2 | 0:4.18.0-193.64.1.el8_2 |
redhat/redhat-virtualization-host | <0:4.3.19-20211013.0.el7_9 | 0:4.3.19-20211013.0.el7_9 |
redhat/redhat-virtualization-host | <0:4.4.7-20210804.0.el8_4 | 0:4.4.7-20210804.0.el8_4 |
Linux Linux kernel | =2021-05-18 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Debian Debian Linux | =9.0 | |
Netapp Baseboard Management Controller H410c Firmware | ||
Netapp Baseboard Management Controller H410c | ||
Netapp Baseboard Management Controller H300s Firmware | ||
Netapp Baseboard Management Controller H300s | ||
Netapp Baseboard Management Controller H500s Firmware | ||
Netapp Baseboard Management Controller H500s | ||
Netapp Baseboard Management Controller H700s Firmware | ||
Netapp Baseboard Management Controller H700s | ||
Netapp Baseboard Management Controller H300e Firmware | ||
Netapp Baseboard Management Controller H300e | ||
Netapp Baseboard Management Controller H500e Firmware | ||
Netapp Baseboard Management Controller H500e | ||
Netapp Baseboard Management Controller H700e Firmware | ||
Netapp Baseboard Management Controller H700e | ||
Netapp Baseboard Management Controller H410s Firmware | ||
Netapp Baseboard Management Controller H410s | ||
Netapp Cloud Backup | ||
Netapp Solidfire Baseboard Management Controller Firmware | ||
redhat/kernel | <5.13 | 5.13 |
All of | ||
Netapp H410c Firmware | ||
Netapp H410c | ||
All of | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
All of | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
All of | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
All of | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
All of | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
All of | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
All of | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
IBM Cloud Pak for Security (CP4S) | <=1.7.2.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.1.0 | |
IBM Cloud Pak for Security (CP4S) | <=1.7.0.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)