DEBIAN-CVE-2021-22543

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2021-22543

Downstream

DLA-2785-1 DLA-2843-1

Published: 26 May 2021, 11:15

Last modified:28 Apr 2026, 20:22

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 May 2021, 11:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:22

Last Modified

Vulnerability information updated

Description

An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

debian•linux
< 5.10.46-2 | < 5.10.46-2 | < 5.10.46-2 | < 5.10.46-2

References (1)

https://security-tracker.debian.org/tracker/CVE-2021-22543