Rewterz Threat Update – Apache Log4j Security Flaw – A Zero-Day for the Entirety of the Internet
December 16, 2021Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
December 16, 2021Rewterz Threat Update – Apache Log4j Security Flaw – A Zero-Day for the Entirety of the Internet
December 16, 2021Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
December 16, 2021Severity
High
Analysis Summary
CVE-2021-4095
Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the kvm_dirty_ring_get() function in virt/kvm/dirty_ring.c when there is no vCPU created. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-39685
Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the USB Gadget subsystem. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information, cause a denial of service condition or execute arbitrary code in the context of kernel.
Impact
- Denial of Service
- Code Execution
Affected Vendors
Linux
Affected Products
- Linux Kernel 5.15.0-rc5
Remediation
Upgrade to the latest version of Linux Kernel, available from the Linux Kernel Web site.
CVE-2021-4095
CVE-2021-39685