Use-After-Free Vulnerability in ACRN Hypervisor by Project ACRN
CVE-2021-36145

7.5HIGH

Key Information:

Vendor: Linux
Status: Acrn
Vendor: CVE Published:; 2 July 2021

What is CVE-2021-36145?

A use-after-free vulnerability exists in the Device Model of the ACRN Hypervisor prior to version 2.5. The flaw originates from improper memory management in the devicemodel/core/mem.c file, specifically related to freed rb_entry structures. This can lead to potential exploitation scenarios where an attacker could execute arbitrary code in the context of the hypervisor. Users are advised to upgrade to the latest version to mitigate the risk associated with this vulnerability.

References

https://github.com/projectacrn/acrn-hypervisor/pull/6058/...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2021
Vulnerability Reserved
Jul 2, 2021

Linux

What is CVE-2021-36145?

References

CVSS V3.1

Timeline