CVE-2021-34458: Windows Kernel Remote Code Execution Vulnerability
Overview
- Severity
- Critical (CVSS 9.9)
- CVSS Vector
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Remote Code Execution
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2021-Jul
- Released
- 2021-07-13
- EPSS Score
- 1.70% (percentile: 82.3%)
FAQ
How do I know if I'm affected by this vulnerability?
This issue allows a single root input/output virtualization (SR-IOV) device which is assigned to a guest to potentially interfere with its Peripheral Component Interface Express (PCIe) siblings which are attached to other guests or to the root.
You will be vulnerable if you implement the following:
Your Windows instance is hosting virtual machines
Your Server includes the required hardware with SR-IOV devices
Affected Products (6)
Windows
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server, version 2004 (Server Core installation)
- Windows Server, version 20H2 (Server Core Installation)
- Windows Server 2016
- Windows Server 2016 (Server Core installation)
Security Updates (3)
Acknowledgments
Cody Hartwig of Microsoft
Revision History
- 2021-07-13: Information published.