CVE-2021-3653

The CVE-2021-3653 issue affects the KVM hypervisor AMD code dealing with SVM nested virtualization. The root cause is improper validation of the int_ctl field in the VMCB provided by an L1 guest, which could allow a malicious L1 to enable AVIC for an L2 guest. Consequences stated across connected...

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3207-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3207-1 advisory. - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculativ...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5073-2)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5073-2 advisory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM ...

SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP3) (SUSE-SU-2021:3073-1)

The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3073-1 advisory. - A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual...

Amazon Linux 2 : kernel (ALAS-2021-1704)

The version of kernel installed on the remote host is prior to 4.14.246-187.474. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1704 advisory. A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing t...

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5073-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5073-1 advisory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM ...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5072-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5072-1 advisory. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable...

Ubuntu 16.04 ESM : Linux kernel vulnerability (USN-5062-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5062-1 advisory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.10.60 and fixes at least the following security issues: A missing validation of the "intctl" VMCB field allows a malicious L1 guest to enable AVIC support Advanced Virtual Interrupt Controller for the L2 guest. The L2 guest is able to write to a...

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

UBUNTU-CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

CVE-2021-3653

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...

CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "virtext" field, this issue could allow a malicious...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9420)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9420 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205365 CVE-2021-3656 CVE-2021-3656 Tenable has extracted the...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9419)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9419 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205367 CVE-2021-3656 CVE-2021-3656 Tenable has extracted the preceding...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9422)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9422 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205367 CVE-2021-3656 Tenable has extracted the preceding description...

UBUNTU-CVE-2021-29657

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

CVE-2020-24718

bhyve, as used in FreeBSD through 12.1 and illumos e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04, does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying...