Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

Published

2021-09-29T20:15:08.617

Last Modified

2024-11-21T06:22:04.710

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

8.5

Weaknesses

Type: Primary
CWE-862
Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.4.282	Yes
Operating System	linux	linux_kernel	< 4.9.281	Yes
Operating System	linux	linux_kernel	< 4.14.245	Yes
Operating System	linux	linux_kernel	< 4.19.205	Yes
Operating System	linux	linux_kernel	< 5.4.142	Yes
Operating System	linux	linux_kernel	< 5.10.60	Yes
Operating System	linux	linux_kernel	< 5.13.12	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	redhat	enterprise_linux	7.0	Yes
Operating System	debian	debian_linux	9.0	Yes

References

http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html Exploit, Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1983686 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Mailing List, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2021/08/16/1 Mailing List, Patch, Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1983686 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/08/16/1 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)