CVE-2021-4095 log

Source
Severity Low
Remote No
Type Denial of service
Description
A security issue has been found in the Linux kernel. There is a NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c via a KVM KVM_XEN_HVM_SET_ATTR ioctl when there is no vCPU created.
Group Package Affected Fixed Severity Status Ticket
AVG-1881 linux-hardened 5.15.7.hardened1-1 Medium Vulnerable
AVG-1880 linux-zen 5.15.8.zen1-1 Medium Vulnerable
AVG-1879 linux 5.15.8.arch1-1 Medium Vulnerable
AVG-1741 linux-lts 5.10.85-1 Medium Vulnerable
References
https://www.openwall.com/lists/oss-security/2021/12/14/2
https://bugzilla.redhat.com/show_bug.cgi?id=2031194
https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/T/
https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/