CVE-2021-22543

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/06/26/1	Mailing List
https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584	Exploit Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/
https://security.netapp.com/advisory/ntap-20210708-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:2021-05-18:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 12 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::*

History

09 Nov 2023, 14:44

Type	Values Removed	Values Added
First Time		Netapp h700e Firmware Netapp h500s Firmware Netapp h500e Netapp h410c Netapp h700s Firmware Netapp h300e Netapp h300s Firmware Netapp h500s Netapp h300e Firmware Netapp h700s Netapp h410s Netapp h410c Firmware Netapp h500e Firmware Netapp h700e Netapp h300s Netapp h410s Firmware
CPE	cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::*	cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:o:netapp:h700e_firmware:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:h:netapp:h700e:-:::::::* cpe:2.3:h:netapp:h500e:-:::::::* cpe:2.3:h:netapp:h300e:-:::::::* cpe:2.3:o:netapp:h300e_firmware:-:::::::* cpe:2.3:o:netapp:h500e_firmware:-:::::::*

07 Nov 2023, 03:30

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/', 'name': 'FEDORA-2021-95f2f1cfc7', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/', 'name': 'FEDORA-2021-fe826f202e', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ -

01 Apr 2022, 18:45

Type	Values Removed	Values Added
CPE	cpe:2.3:a:netapp:solidfire_baseboard_management_controller:-:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:-:::::::*	cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:::::::* cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:::::::* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:::::::* cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:::::::*
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ - Mailing List, Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ - Third Party Advisory~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ - Mailing List, Third Party Advisory
First Time		Netapp baseboard Management Controller H410s Netapp baseboard Management Controller H500s Firmware Netapp baseboard Management Controller H410c Netapp cloud Backup Netapp baseboard Management Controller H700s Firmware Netapp baseboard Management Controller H500e Firmware Netapp baseboard Management Controller H410c Firmware Netapp baseboard Management Controller H700s Netapp baseboard Management Controller H300s Firmware Netapp baseboard Management Controller H300e Firmware Netapp baseboard Management Controller H500s Netapp baseboard Management Controller H500e Netapp baseboard Management Controller H700e Netapp baseboard Management Controller H410s Firmware Netapp baseboard Management Controller H300e Netapp baseboard Management Controller H700e Firmware Netapp solidfire Baseboard Management Controller Firmware Netapp baseboard Management Controller H300s

17 Dec 2021, 01:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html -

12 Nov 2021, 20:08

Type	Values Removed	Values Added
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ - Third Party Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2021/06/26/1 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2021/06/26/1 - Mailing List
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20210708-0002/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20210708-0002/ - Third Party Advisory
CPE		cpe:2.3:o:fedoraproject:fedora:33:::::::* cpe:2.3:a:netapp:solidfire_baseboard_management_controller:-:::::::* cpe:2.3:o:fedoraproject:fedora:34:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:a:netapp:hci_baseboard_management_controller:-:::::::*

16 Oct 2021, 01:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - (CONFIRM) https://security.netapp.com/advisory/ntap-20210708-0002/ -

08 Jul 2021, 05:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/ -

08 Jul 2021, 03:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/06/26/1 -

07 Jun 2021, 20:42

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:2021-05-18:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.6 v3 : 7.8
CWE		CWE-119
References	~~(MISC) https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 -~~	(MISC) https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584 - Exploit, Third Party Advisory

02 Jun 2021, 13:15

Type	Values Removed	Values Added
Summary	An issue was discovered in the Linux: KVM through Improper handling of VM_IO\|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.	An issue was discovered in Linux: KVM through Improper handling of VM_IO\|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
References	~~{'url': 'http://www.openwall.com/lists/oss-security/2021/05/26/5', 'name': '[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE', 'tags': [], 'refsource': 'MLIST'}~~ ~~{'url': 'http://www.openwall.com/lists/oss-security/2021/05/26/4', 'name': '[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE', 'tags': [], 'refsource': 'MLIST'}~~ ~~{'url': 'http://www.openwall.com/lists/oss-security/2021/05/26/3', 'name': '[oss-security] 20210526 CVE-2021-22543 - /dev/kvm LPE', 'tags': [], 'refsource': 'MLIST'}~~

27 May 2021, 00:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/05/26/5 -

26 May 2021, 18:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2021/05/26/3 - (MLIST) http://www.openwall.com/lists/oss-security/2021/05/26/4 -

26 May 2021, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-26 11:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-22543

Mitre link : CVE-2021-22543

CVE.ORG link : CVE-2021-22543

JSON object : View

Products Affected

netapp

h700s_firmware
h700e
h700e_firmware
h700s
h300s_firmware
cloud_backup
solidfire_baseboard_management_controller_firmware
h300s
h300e
h500e_firmware
h410c_firmware
h410c
h500s
h410s
h410s_firmware
h500s_firmware
h300e_firmware
h500e

debian

debian_linux

linux

linux_kernel

fedoraproject

fedora

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.8 /10