Buffer overflow in Linux Linux_kernel
CVE-2021-22543
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start…
Vulnerability class: Buffer Overflow
EPSS: 0.007 (46.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Linux Linux_kernel — versions 2021-05-18
- Linux Kernel — versions add6a0cd1c5ba51b201e1361b05a5df817083618
- Netapp Cloud_backup
- Netapp H300e
- Netapp H300e_firmware
- Netapp H300s
- Netapp H300s_firmware
- Netapp H410c
- Netapp H410c_firmware
- Netapp H410s
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve-coordination@google.com (Exploit, Third Party Advisory, x_refsource_MISC)
- cve-coordination@google.com (mailing-list, x_refsource_MLIST, Mailing List)
- cve-coordination@google.com (x_refsource_FEDORA, vendor-advisory)
- cve-coordination@google.com (x_refsource_FEDORA, vendor-advisory)
- cve-coordination@google.com (x_refsource_CONFIRM, Third Party Advisory)
- cve-coordination@google.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- cve-coordination@google.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2021-22543?
- CVE-2021-22543 is a high-severity vulnerability in Linux Linux_kernel, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2021-05-26.
- How severe is CVE-2021-22543?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2021-22543 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.