Bug 2031194 (CVE-2021-4095) - CVE-2021-4095 kernel: KVM: NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c
Status: CLOSED NOTABUG
Alias: CVE-2021-4095
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2031195
Blocks: 2026458 2031196
Reported: 2021-12-10 18:20 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-08-03 09:43 UTC

Fixed In Version: kernel 5.17
Last Closed: 2021-12-16 15:15:09 UTC

Description Guilherme de Almeida Suckevicz 2021-12-10 18:20:34 UTC
A NULL pointer dereference in kvm_dirty_ring_get() in virt/kvm/dirty_ring.c via a KVM KVM_XEN_HVM_SET_ATTR ioctl when there is no vCPU created.

References:
https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/
https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/

Comment 1 Guilherme de Almeida Suckevicz 2021-12-10 18:21:26 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2031195]

Comment 4 Mauro Matteo Cascella 2022-01-17 11:31:24 UTC
The patch for this issue is now available upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55749769fe608fa3f4a075e42e89d237c8e37637
