{"api_version":"1","generated_at":"2026-04-22T21:39:14+00:00","cve":"CVE-2021-22543","urls":{"html":"https://cve.report/CVE-2021-22543","api":"https://cve.report/api/cve/CVE-2021-22543.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22543","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22543"},"summary":{"title":"CVE-2021-22543","description":"An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.","state":"PUBLIC","assigner":"security@google.com","published_at":"2021-05-26 11:15:00","updated_at":"2023-11-09 14:44:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20210708-0002/","name":"https://security.netapp.com/advisory/ntap-20210708-0002/","refsource":"CONFIRM","tags":[],"title":"CVE-2021-22543 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584","name":"https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584","refsource":"MISC","tags":[],"title":"Linux: KVM VM_IO|VM_PFNMAP vma mishandling · Advisory · google/security-research · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/","name":"FEDORA-2021-95f2f1cfc7","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.12.14-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/","name":"FEDORA-2021-95f2f1cfc7","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.12.14-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/06/26/1","name":"[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-22543 - /dev/kvm LPE","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/26/3","name":"[oss-security] 20210526 CVE-2021-22543 - /dev/kvm LPE","refsource":"MLIST","tags":[],"title":"oss-security - CVE-2021-22543 - /dev/kvm LPE","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html","name":"[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2785-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/","name":"FEDORA-2021-fe826f202e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: kernel-5.12.14-300.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/26/4","name":"[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-22543 - /dev/kvm LPE","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2021/05/26/5","name":"[oss-security] 20210526 Re: CVE-2021-22543 - /dev/kvm LPE","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE-2021-22543 - /dev/kvm LPE","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html","name":"[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2843-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/","name":"FEDORA-2021-fe826f202e","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: kernel-5.12.14-300.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22543","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22543","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"David Stevens","lang":""},{"source":"LEGACY","value":"Kevin Hamacher","lang":""},{"source":"LEGACY","value":"Jann Horn","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"2021-05-18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h300e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h300e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h500e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h500e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h700e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h700e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"baseboard_management_controller_h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"baseboard_management_controller_h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"cloud_backup","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h300s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h300s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410c","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410c_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h410s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h410s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h500s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h500s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700e","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700e_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netapp","cpe5":"h700s","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"h700s_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"hci_baseboard_management_controller","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22543","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netapp","cpe5":"solidfire_baseboard_management_controller_firmware","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-22543","qid":"159329","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2021-3057)"},{"cve":"CVE-2021-22543","qid":"159393","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9450)"},{"cve":"CVE-2021-22543","qid":"159394","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9451)"},{"cve":"CVE-2021-22543","qid":"159399","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9452)"},{"cve":"CVE-2021-22543","qid":"159400","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9453)"},{"cve":"CVE-2021-22543","qid":"159415","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2021-3801)"},{"cve":"CVE-2021-22543","qid":"178844","title":"Debian Security Update for linux-4.19 (DLA 2785-1)"},{"cve":"CVE-2021-22543","qid":"178943","title":"Debian Security Update for linux (DLA 2843-1)"},{"cve":"CVE-2021-22543","qid":"179786","title":"Debian Security Update for linux (CVE-2021-22543)"},{"cve":"CVE-2021-22543","qid":"198487","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5071-1)"},{"cve":"CVE-2021-22543","qid":"198491","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5070-1)"},{"cve":"CVE-2021-22543","qid":"198502","title":"Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5071-2)"},{"cve":"CVE-2021-22543","qid":"198512","title":"Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5071-3)"},{"cve":"CVE-2021-22543","qid":"198518","title":"Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5094-2)"},{"cve":"CVE-2021-22543","qid":"198520","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5094-1)"},{"cve":"CVE-2021-22543","qid":"198533","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5106-1)"},{"cve":"CVE-2021-22543","qid":"198548","title":"Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5120-1)"},{"cve":"CVE-2021-22543","qid":"239541","title":"Red Hat Update for kernel (RHSA-2021:3057)"},{"cve":"CVE-2021-22543","qid":"239542","title":"Red Hat Update for kpatch-patch (RHSA-2021:3044)"},{"cve":"CVE-2021-22543","qid":"239543","title":"Red Hat Update for kernel-rt (RHSA-2021:3088)"},{"cve":"CVE-2021-22543","qid":"239566","title":"Red Hat Update for kpatch-patch (RHSA-2021:3181)"},{"cve":"CVE-2021-22543","qid":"239570","title":"Red Hat Update for kernel (RHSA-2021:3173)"},{"cve":"CVE-2021-22543","qid":"239593","title":"Red Hat Update for kpatch-patch (RHSA-2021:3380)"},{"cve":"CVE-2021-22543","qid":"239594","title":"Red Hat Update for kernel-rt (RHSA-2021:3375)"},{"cve":"CVE-2021-22543","qid":"239599","title":"Red Hat Update for kernel (RHSA-2021:3363)"},{"cve":"CVE-2021-22543","qid":"239663","title":"Red Hat Update for kpatch-patch (RHSA-2021:3768)"},{"cve":"CVE-2021-22543","qid":"239675","title":"Red Hat Update for kernel-rt (RHSA-2021:3802)"},{"cve":"CVE-2021-22543","qid":"239676","title":"Red Hat Update for kernel (RHSA-2021:3801)"},{"cve":"CVE-2021-22543","qid":"257119","title":"CentOS Security Update for kernel (CESA-2021:3801)"},{"cve":"CVE-2021-22543","qid":"281692","title":"Fedora Security Update for kernel (FEDORA-2021-fe826f202e)"},{"cve":"CVE-2021-22543","qid":"281693","title":"Fedora Security Update for kernel (FEDORA-2021-95f2f1cfc7)"},{"cve":"CVE-2021-22543","qid":"352799","title":"Amazon Linux Security Advisory for kernel: ALAS2-2021-1699"},{"cve":"CVE-2021-22543","qid":"352871","title":"Amazon Linux Security Advisory for kernel : ALAS-2021-1539"},{"cve":"CVE-2021-22543","qid":"353147","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-004"},{"cve":"CVE-2021-22543","qid":"353158","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-002"},{"cve":"CVE-2021-22543","qid":"353242","title":"Amazon Linux Security Advisory for kernel : ALAC2012-2022-036"},{"cve":"CVE-2021-22543","qid":"353243","title":"Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037"},{"cve":"CVE-2021-22543","qid":"353244","title":"Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038"},{"cve":"CVE-2021-22543","qid":"671448","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1450)"},{"cve":"CVE-2021-22543","qid":"750946","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2647-1)"},{"cve":"CVE-2021-22543","qid":"750947","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:2644-1)"},{"cve":"CVE-2021-22543","qid":"750949","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1142-1)"},{"cve":"CVE-2021-22543","qid":"750953","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:2645-1)"},{"cve":"CVE-2021-22543","qid":"750963","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:2687-1)"},{"cve":"CVE-2021-22543","qid":"751437","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)"},{"cve":"CVE-2021-22543","qid":"751441","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)"},{"cve":"CVE-2021-22543","qid":"751473","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)"},{"cve":"CVE-2021-22543","qid":"751476","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)"},{"cve":"CVE-2021-22543","qid":"940353","title":"AlmaLinux Security Update for kernel (ALSA-2021:3057)"},{"cve":"CVE-2021-22543","qid":"960074","title":"Rocky Linux Security Update for kernel (RLSA-2021:3057)"},{"cve":"CVE-2021-22543","qid":"960852","title":"Rocky Linux Security Update for kernel-rt (RLSA-2021:3088)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@google.com","DATE_PUBLIC":"2021-05-18T10:00:00.000Z","ID":"CVE-2021-22543","STATE":"PUBLIC","TITLE":"Improper memory handling in Linux KVM"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"credit":[{"lang":"eng","value":"David Stevens"},{"lang":"eng","value":"Kevin Hamacher"},{"lang":"eng","value":"Jann Horn"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584","name":"https://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"},{"refsource":"MLIST","name":"[oss-security] 20210626 Re: CVE-2021-22543 - /dev/kvm LPE","url":"http://www.openwall.com/lists/oss-security/2021/06/26/1"},{"refsource":"FEDORA","name":"FEDORA-2021-fe826f202e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4G5YBUVEPHZYXMKNGBZ3S6INFCTEEL4E/"},{"refsource":"FEDORA","name":"FEDORA-2021-95f2f1cfc7","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROQIXQB7ZAWI3KSGSHR6H5RDUWZI775S/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210708-0002/","url":"https://security.netapp.com/advisory/ntap-20210708-0002/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20211015 [SECURITY] [DLA 2785-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-05-26 11:15:00","lastModifiedDate":"2023-11-09 14:44:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:2021-05-18:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22543","Ordinal":"197248","Title":"CVE-2021-22543","CVE":"CVE-2021-22543","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22543","Ordinal":"1","NoteData":"An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22543","Ordinal":"2","NoteData":"2021-05-26","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22543","Ordinal":"3","NoteData":"2021-12-16","Type":"Other","Title":"Modified"}]}}}