CVE-2021-3656

🗓️ 04 Mar 2022 18:41:26Reported by redhatType

Flaw in KVM's AMD code for supporting SVM nested virtualization, allowing malicious L1 to disable intercepts and potentially enabling guest-to-host escape

Reporter	Title	Published	Views	Family All 452
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM QRadar SIEM (CVE-2021-22543, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576)	28 Apr 202220:56	–	ibm
Tenable Nessus	Amazon Linux 2 : kernel (ALAS-2021-1704)	16 Sep 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-005)	2 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-002)	27 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : microvm-kernel (ALASMICROVM-KERNEL-4.14-2023-003)	27 Sep 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : kernel (ALSA-2021:4056)	9 Feb 202200:00	–	nessus
Tenable Nessus	CentOS 8 : kernel (CESA-2021:4056)	3 Nov 202100:00	–	nessus
Tenable Nessus	CentOS 7 : kernel (RHSA-2021:3801)	17 Nov 202100:00	–	nessus
Tenable Nessus	Debian DSA-4978-1 : linux - security update	25 Sep 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2713)	11 Nov 202100:00	–	nessus

NVD

Vulners

Node

linux linux_kernelRange4.13–4.14.245

linux linux_kernelRange4.15–4.19.205

linux linux_kernelRange4.20–5.4.142

linux linux_kernelRange5.5–5.10.60

linux linux_kernelRange5.11–5.13.12

linux linux_kernelMatch5.14-

linux linux_kernelMatch5.14rc1

linux linux_kernelMatch5.14rc2

linux linux_kernelMatch5.14rc3

linux linux_kernelMatch5.14rc4

linux linux_kernelMatch5.14rc5

linux linux_kernelMatch5.14rc6

Node

fedoraproject fedoraMatch33

fedoraproject fedoraMatch34

Node

redhat software_collectionsMatch-

AND

redhat enterprise_linux_serverMatch7.0

Node

redhat openstackMatch13

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_eusMatch8.1

redhat enterprise_linux_eusMatch8.2

redhat enterprise_linux_eusMatch8.4

redhat enterprise_linux_for_ibm_z_systemsMatch7.0

redhat enterprise_linux_for_ibm_z_systemsMatch8.0

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.1

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.2

redhat enterprise_linux_for_ibm_z_systems_eusMatch8.4

redhat enterprise_linux_for_power_big_endianMatch7.0

redhat enterprise_linux_for_power_little_endianMatch7.0

redhat enterprise_linux_for_power_little_endianMatch8.0

redhat enterprise_linux_for_power_little_endian_eusMatch8.1

redhat enterprise_linux_for_power_little_endian_eusMatch8.2

redhat enterprise_linux_for_power_little_endian_eusMatch8.4

redhat enterprise_linux_for_real_timeMatch7

redhat enterprise_linux_for_real_timeMatch8

redhat enterprise_linux_for_real_time_for_nfvMatch7

redhat enterprise_linux_for_real_time_for_nfvMatch8

redhat enterprise_linux_for_real_time_for_nfv_tusMatch8.2

redhat enterprise_linux_for_real_time_for_nfv_tusMatch8.4

redhat enterprise_linux_for_real_time_tusMatch8.2

redhat enterprise_linux_for_real_time_tusMatch8.4

redhat enterprise_linux_for_scientific_computingMatch7.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_server_ausMatch7.6

redhat enterprise_linux_server_ausMatch7.7

redhat enterprise_linux_server_ausMatch8.2

redhat enterprise_linux_server_ausMatch8.4

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch7.6

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.1

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.2

redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.4

redhat enterprise_linux_server_tusMatch7.6

redhat enterprise_linux_server_tusMatch7.7

redhat enterprise_linux_server_tusMatch8.2

redhat enterprise_linux_server_tusMatch8.4

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.6

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch7.7

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.1

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.2

redhat enterprise_linux_server_update_services_for_sap_solutionsMatch8.4

redhat enterprise_linux_workstationMatch7.0

Node

redhat 3scale_api_managementMatch2.0

AND

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

Node

redhat codeready_linux_builderMatch-

AND

redhat enterprise_linuxMatch8.0

redhat enterprise_linux_eusMatch8.1

redhat enterprise_linux_eusMatch8.2

redhat enterprise_linux_eusMatch8.4

redhat enterprise_linux_for_power_little_endianMatch8.0

redhat enterprise_linux_for_power_little_endian_eusMatch8.1

redhat enterprise_linux_for_power_little_endian_eusMatch8.2

redhat enterprise_linux_for_power_little_endian_eusMatch8.4

Node

redhat virtualization_hostMatch4.0

AND

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

[
  {
    "product": "KVM",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed-In v5.14-rc7 and above"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/
github	www.github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
openwall	www.openwall.com/lists/oss-security/2021/08/16/1

21 Nov 2024 06:22Current

8.6High risk

Vulners AI Score8.6

CVSS 27.2

CVSS 3.18.8

EPSS0.00658

CWE-862