The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
Base Score: 3.6
Impact Score: 4.9
Exploitability Score: 3.9
Base Score: 7.1
Impact Score: 5.2
Exploitability Score: 1.8
|150950||RHEL 8 : Red Hat Virtualization Host security update [ovirt-4.4.6] (Important) (RHSA-2021:2522)||Nessus||Red Hat Local Security Checks|
|150296||RHEL 8 : kpatch-patch (RHSA-2021:2165)||Nessus||Red Hat Local Security Checks|
|150295||RHEL 8 : kernel (RHSA-2021:2168)||Nessus||Red Hat Local Security Checks|
|150289||RHEL 8 : kernel-rt (RHSA-2021:2169)||Nessus||Red Hat Local Security Checks|
|150234||Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4983-1)||Nessus||Ubuntu Local Security Checks|
|150151||Ubuntu 21.04 : Linux kernel vulnerabilities (USN-4977-1)||Nessus||Ubuntu Local Security Checks|
|150145||Oracle Linux 8 : kernel (ELSA-2021-2168)||Nessus||Oracle Linux Local Security Checks|