{
  "threat_severity" : "Important",
  "public_date" : "2021-05-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks",
    "id" : "1965461",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1965461"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-863",
  "details" : [ "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.", "A flaw was found in the Linux kernel’s KVM implementation, where improper handing of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability." ],
  "statement" : "Both Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 leverage udev to set the proper permissions (ugo=rw) of the `/dev/kvm` device, making it accessible to all users. It is worth noting that while the KVM rule is part of the main udev package in Red Hat Enterprise Linux 8, the same rule is shipped with the `qemu-kvm` package in Red Hat Enterprise Linux 7.  In other words, Red Hat Enterprise Linux 7 does not expose `/dev/kvm` to unprivileged users by default, as long as the `qemu-kvm` package is not installed.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
    "release_date" : "2022-07-19T00:00:00Z",
    "advisory" : "RHSA-2022:5640",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "kernel-0:2.6.32-754.48.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3802",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.45.1.rt56.1185.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3768",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3801",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.45.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3767",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.2",
    "package" : "kernel-0:3.10.0-327.101.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3766",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.3",
    "package" : "kernel-0:3.10.0-514.93.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2021-10-05T00:00:00Z",
    "advisory" : "RHSA-2021:3725",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "kernel-0:3.10.0-693.94.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3812",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "kernel-0:3.10.0-957.84.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3812",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.6",
    "package" : "kernel-0:3.10.0-957.84.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3812",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "kernel-0:3.10.0-957.84.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions",
    "release_date" : "2021-10-12T00:00:00Z",
    "advisory" : "RHSA-2021:3814",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.6",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2021-10-26T00:00:00Z",
    "advisory" : "RHSA-2021:3987",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "kernel-0:3.10.0-1062.59.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Telco Extended Update Support",
    "release_date" : "2021-10-26T00:00:00Z",
    "advisory" : "RHSA-2021:3987",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.7",
    "package" : "kernel-0:3.10.0-1062.59.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2021-10-26T00:00:00Z",
    "advisory" : "RHSA-2021:3987",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "kernel-0:3.10.0-1062.59.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2021-10-26T00:00:00Z",
    "advisory" : "RHSA-2021:4000",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3088",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-305.12.1.rt7.84.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3044",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-10T00:00:00Z",
    "advisory" : "RHSA-2021:3057",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-305.12.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3173",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "kernel-0:4.18.0-147.52.1.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-08-17T00:00:00Z",
    "advisory" : "RHSA-2021:3181",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.1",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3375",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv",
    "package" : "kernel-rt-0:4.18.0-193.64.1.rt13.115.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3363",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kernel-0:4.18.0-193.64.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-08-31T00:00:00Z",
    "advisory" : "RHSA-2021:3380",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2021-10-20T00:00:00Z",
    "advisory" : "RHSA-2021:3943",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.3.19-20211013.0.el7_9"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2021-08-19T00:00:00Z",
    "advisory" : "RHSA-2021:3235",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.4.7-20210804.0.el8_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-22543\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22543\nhttps://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584" ],
  "name" : "CVE-2021-22543",
  "mitigation" : {
    "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}