CVE-2021-3656

CWE-862 — Missing Authorization24 documents8 sources

Severity

8.8HIGH

EPSS

0.1%

top 78.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Fedoraproject Fedora Redhat 3scale API Management +21 more

Timeline

PublishedMar 4

Latest updateMar 8

Description

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a cra…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages28 packages

▶NVDredhat/virtualization_host4.0

▶NVDlinux/linux_kernel4.13 — 4.14.245+5

▶Debianlinux< 5.10.46-5+3

▶Ubuntulinux< 4.15.0-156.163

▶Ubuntulinux-aws< 4.15.0-1111.118

Also affects: Fedora 33, 34, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 7.0, 7, 8, 7.6, 7.7

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

CVEList

CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization↗2022-03-04

▶

OSV

CVE-2021-3656: A flaw was found in the KVM's AMD code for supporting SVM nested virtualization↗2022-03-04

▶

OSV

linux-gcp, linux-gcp-4.15 vulnerabilities↗2021-09-17

▶

OSV

linux-oem-5.13 vulnerabilities↗2021-09-16

▶

OSV

linux-hwe-5.4 vulnerabilities↗2021-09-16

▶

📋Vendor Advisories

Microsoft

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2021-09-17

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-09-16

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2021-09-16

▶

Ubuntu

Kernel Live Patch Security Notice↗2021-09-13

▶