Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Published

2022-03-04T19:15:08.677

Last Modified

2024-11-21T06:22:05.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-862
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 4.14.245	Yes
Operating System	linux	linux_kernel	< 4.19.205	Yes
Operating System	linux	linux_kernel	< 5.4.142	Yes
Operating System	linux	linux_kernel	< 5.10.60	Yes
Operating System	linux	linux_kernel	< 5.13.12	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	linux	linux_kernel	5.14	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Application	redhat	software_collections	-	Yes
Operating System	redhat	enterprise_linux_server	7.0	No
Application	redhat	openstack	13	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_eus	8.1	Yes
Operating System	redhat	enterprise_linux_eus	8.2	Yes
Operating System	redhat	enterprise_linux_eus	8.4	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	7.0	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems	8.0	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	8.1	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	8.2	Yes
Operating System	redhat	enterprise_linux_for_ibm_z_systems_eus	8.4	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian	7.0	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	7.0	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian	8.0	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.1	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.2	Yes
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.4	Yes
Operating System	redhat	enterprise_linux_for_real_time	7	Yes
Operating System	redhat	enterprise_linux_for_real_time	8	Yes
Operating System	redhat	enterprise_linux_for_real_time_for_nfv	7	Yes
Operating System	redhat	enterprise_linux_for_real_time_for_nfv	8	Yes
Operating System	redhat	enterprise_linux_for_real_time_for_nfv_tus	8.2	Yes
Operating System	redhat	enterprise_linux_for_real_time_for_nfv_tus	8.4	Yes
Operating System	redhat	enterprise_linux_for_real_time_tus	8.2	Yes
Operating System	redhat	enterprise_linux_for_real_time_tus	8.4	Yes
Operating System	redhat	enterprise_linux_for_scientific_computing	7.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_aus	7.7	Yes
Operating System	redhat	enterprise_linux_server_aus	8.2	Yes
Operating System	redhat	enterprise_linux_server_aus	8.4	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	7.6	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.1	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.2	Yes
Operating System	redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.4	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.7	Yes
Operating System	redhat	enterprise_linux_server_tus	8.2	Yes
Operating System	redhat	enterprise_linux_server_tus	8.4	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.6	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.7	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	8.1	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	8.2	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	8.4	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	redhat	3scale_api_management	2.0	Yes
Operating System	redhat	enterprise_linux	7.0	No
Operating System	redhat	enterprise_linux	8.0	No
Application	redhat	codeready_linux_builder	-	Yes
Operating System	redhat	enterprise_linux	8.0	No
Operating System	redhat	enterprise_linux_eus	8.1	No
Operating System	redhat	enterprise_linux_eus	8.2	No
Operating System	redhat	enterprise_linux_eus	8.4	No
Operating System	redhat	enterprise_linux_for_power_little_endian	8.0	No
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.1	No
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.2	No
Operating System	redhat	enterprise_linux_for_power_little_endian_eus	8.4	No
Application	redhat	virtualization_host	4.0	Yes
Operating System	redhat	enterprise_linux	7.0	No
Operating System	redhat	enterprise_linux	8.0	No

References

https://bugzilla.redhat.com/show_bug.cgi?id=1983988 Issue Tracking, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc Patch, Third Party Advisory ([email protected])
https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc Patch, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2021/08/16/1 Mailing List, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1983988 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/08/16/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)