AZL-8965

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-8965.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-8965

Upstream

CVE-2021-4095

Published

2022-03-10T17:44:53Z

Modified

2026-04-21T04:34:56.176324Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2021-4095 affecting package kernel for versions less than 5.15.37.1-2

Details

A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVMXENHVMSETATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-4095

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.37.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-8965.json"