Use-After-Free Vulnerability in ACRN Hypervisor Affecting Virtio Devices
CVE-2021-36144
7.5 HIGH
Summary
The ACRN Hypervisor prior to version 2.5 contains a use-after-free vulnerability within the polling timer handler. This issue arises when a freed virtio device is incorrectly referenced, potentially leading to system instability or unintended behavior. The problem is located in the device model code, specifically within the handling of PCI virtio devices, making it critical for system administrators to apply updates to mitigate potential security risks.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved