CVE-2021-42979

8.8 HIGH

📋 TL;DR

This vulnerability in NoMachine Cloud Server allows local attackers to execute arbitrary code with kernel privileges or cause denial of service through memory corruption. It affects users running NoMachine Cloud Server versions between 4.0.346 and 7.7.4. Attackers need local access to exploit the integer overflow in the IOCTL handler.

💻 Affected Systems

Products:
  • NoMachine Cloud Server
Versions: Above 4.0.346 and below 7.7.4
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations within the vulnerable version range regardless of configuration.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level code execution leading to persistent backdoors, data theft, and full control of affected systems.

🟠

Likely Case

Local privilege escalation allowing attackers to gain SYSTEM/root privileges from a lower-privileged account, potentially leading to lateral movement within the network.

🟢

If Mitigated

Denial of service causing system crashes and service disruption if memory corruption occurs without successful code execution.

🌐 Internet-Facing: LOW - Requires local access to exploit, cannot be triggered remotely over the internet.
🏢 Internal Only: HIGH - Local attackers on the same system can exploit this for privilege escalation, making it dangerous in multi-user environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of IOCTL handling. The vulnerability is well-documented with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.7.4 and later

Vendor Advisory: https://www.nomachine.com/

Restart Required: Yes

Instructions:

1. Download NoMachine Cloud Server version 7.7.4 or later from the official website.
2. Stop the NoMachine service.
3. Install the updated version.
4. Restart the service or system.

🔧 Temporary Workarounds

Restrict local access (all platforms): Limit local user access to systems running NoMachine Cloud Server to reduce the attack surface.

Disable unnecessary IOCTL handlers (Windows): If possible, disable or restrict access to the vulnerable IOCTL handlers through system policies.

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts on affected systems
  • Monitor for unusual privilege escalation attempts and system crashes

🔍 How to Verify

Check if Vulnerable:

Check the installed NoMachine version: on Windows, look in Add/Remove Programs; on Linux or macOS, query the package manager or run 'nomachine --version'.

Check Version:

nomachine --version (Linux/macOS) or check installed programs (Windows)

Verify Fix Applied:

Verify version is 7.7.4 or higher using the same version check methods
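The version checks above come down to one comparison: is the installed version inside the affected range (above 4.0.346 and below 7.7.4)? The following is an added helper, not NoMachine's own tooling, that performs that comparison on a version string. It assumes the version appears somewhere in the text as dotted x.y.z (the sample strings below are constructed; the real output format of 'nomachine --version' is not shown on this page).

```python
import re

# Range stated in the advisory: affected if above 4.0.346 and below 7.7.4.
LAST_UNAFFECTED = (4, 0, 346)   # exclusive lower bound
FIXED_VERSION = (7, 7, 4)       # first fixed release


def parse_version(text):
    """Extract the first dotted x.y.z version from a string.

    Input like 'NoMachine Cloud Server 7.6.2' is a constructed example;
    the real version-command output may look different.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version):
    """True if the version falls strictly inside the affected range.

    Accepts either a version string or an (x, y, z) tuple. Tuple comparison
    is component-wise, so 7.7.10 correctly sorts above 7.7.4.
    """
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    return LAST_UNAFFECTED < v < FIXED_VERSION


def assess(text):
    """Return a one-line verdict suitable for an inventory script."""
    v = parse_version(text)
    label = ".".join(str(p) for p in v)
    if is_vulnerable(v):
        return f"{label}: VULNERABLE (CVE-2021-42979) - upgrade to 7.7.4 or later"
    return f"{label}: not in affected range"


if __name__ == "__main__":
    # Constructed sample outputs, one per host, as an asset inventory might collect them.
    samples = [
        "NoMachine Cloud Server 7.6.2",
        "NoMachine Cloud Server 7.7.4",
        "NoMachine Cloud Server 4.0.346",
    ]
    for s in samples:
        print(assess(s))
```

Run it against the version string each host reports; a VULNERABLE verdict means the patch step in the Fix section still applies to that host.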

📡 Detection & Monitoring

Log Indicators:

  • System crashes with memory corruption errors
  • Unexpected privilege escalation events
  • IOCTL 0x22001B access attempts

Network Indicators:

  • No network indicators - local exploit only

SIEM Query:

Windows: Event ID 4624 logon events accompanied by privilege changes; Linux: kernel panic or crash logs.
