Information disclosure in Linux kernel

#VU91341 Information disclosure in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-06-08

Vulnerability identifier: #VU91341

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47255

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the kvm_lapic_reg_read() function in arch/x86/kvm/lapic.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/bf99ea52970caeb4583bdba1192c1f9b53b12c84
http://git.kernel.org/stable/c/018685461a5b9a9a70e664ac77aef0d7415a3fd5
http://git.kernel.org/stable/c/a2aff09807fbe4018c269d3773a629949058b210
http://git.kernel.org/stable/c/218bf772bddd221489c38dde6ef8e917131161f6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Information disclosure in Linux kernel x86 kvm