SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:3073-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3073-1 advisory. - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5072-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5072-1 advisory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5073-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5073-1 advisory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM ...

Ubuntu 16.04 ESM : Linux kernel vulnerability (USN-5062-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5062-1 advisory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in...

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9420)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9420 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205365 CVE-2021-3656 CVE-2021-3656 Tenable has extracted the...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9422)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9422 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205367 CVE-2021-3656 Tenable has extracted the preceding description...

CVE-2020-24718

bhyve, as used in FreeBSD through 12.1 and illumos e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04, does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying...

Code injection

bhyve, as used in FreeBSD through 12.1 and illumos e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04, does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying...

CVE-2020-24718

bhyve, as used in FreeBSD through 12.1 and illumos e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04, does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying...

CVE-2020-24718

CVE-2020-24718 affects bhyve in FreeBSD (through 12.x) and related illumos variants (e.g., OmniOS CE, OpenIndiana). The issue is insufficient access controls on Intel VMCS/VMCB structures, allowing a root user in a container (host or jailed bhyve instance) to modify VMCS_HOST_RIP and escalate to ...

FreeBSD : FreeBSD -- bhyve privilege escalation via VMCS access (2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab)

AMD and Intel CPUs support hardware virtualization using specialized data structures that control various aspects of guest operation. These are the Virtual Machine Control Structure VMCS on Intel CPUs, and the Virtual Machine Control Block VMCB on AMD CPUs. Insufficient access controls allow root...

Low: Red Hat Security Advisory: kvm security and bug fix update

Updated kvm packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...