CVE-2021-43056
First published: Mon Oct 25 2021(Updated: )
A denial of service problem was found in KVM specific to powerpc. In this flaw, a user with local access can confuse the host offline code, causing the guest to crash. References: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337">https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| redhat/kernel | <5.15 | 5.15 |
| Linux kernel | >=5.2<5.4.15 | |
| Fedora | =33 | |
| Fedora | =34 | |
| Fedora | =35 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-43056 https://nvd.nist.gov/vuln/detail/CVE-2021-43056 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337
- https://bugzilla.redhat.com/show_bug.cgi?id=2017073
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2021-43056
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
- https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337
- https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf@mpe.ellerman.id.au/T/#u
- http://www.openwall.com/lists/oss-security/2021/10/28/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/
- https://launchpad.net/bugs/cve/CVE-2021-43056
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2017074
- https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf%40mpe.ellerman.id.au/T/#u
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43056
- https://nvd.nist.gov/vuln/detail/CVE-2021-43056
- https://security-tracker.debian.org/tracker/CVE-2021-43056
- https://ubuntu.com/security/CVE-2021-43056
Frequently Asked Questions
What is the severity of CVE-2021-43056?
CVE-2021-43056 has been classified as a denial of service vulnerability which may have a critical impact in certain environments.
How do I fix CVE-2021-43056?
To mitigate CVE-2021-43056, update to the recommended kernel versions provided by your Linux distribution.
Who is affected by CVE-2021-43056?
CVE-2021-43056 affects users of KVM on powerpc architecture, particularly those with local access.
What impact does CVE-2021-43056 have on systems?
CVE-2021-43056 can cause guest virtual machines to crash, impacting availability.
What versions of kernel are vulnerable to CVE-2021-43056?
Kernel versions prior to 0:4.18.0-372.9.1.el8 and various versions of Linux kernel up to 5.4.15 are vulnerable to CVE-2021-43056.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-43056
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.2
- vendor/fedoraproject
- canonical/fedora
- version/fedora/33
- version/fedora/34
- version/fedora/35