CVE-2021-3653 — Missing Authorization in Kernel
Severity
8.8HIGHNVD
OSV7.8OSV7.0OSV6.5OSV5.5
EPSS
0.0%
top 97.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 29
Latest updateFeb 14
Description
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the e…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0
Affected Packages8 packages
Also affects: Debian Linux 9.0, Enterprise Linux 7.0