CVSS2 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | COMPLETE |
Vector String | AV:L/AC:L/Au:N/C:P/I:P/A:C |

CVSS3 Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |

EPSS Percentile: 35.2%

A flaw was found in the KVM’s AMD code for supporting SVM nested
virtualization. The flaw occurs when processing the VMCB (virtual machine
control block) provided by the L1 guest to spawn/handle a nested guest
(L2). Due to improper validation of the “int_ctl” field, this issue could
allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt
Controller) for the L2 guest. As a result, the L2 guest would be allowed to
read/write physical pages of the host, resulting in a crash of the entire
system, leak of sensitive data or potential guest-to-host escape. This flaw
affects Linux kernel versions prior to 5.14-rc7.
Author | Note |
---|---|
cascardo | trusty libvirt/qemu does not create nested capable VMs by default |
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-156.163 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-84.94 | UNKNOWN |
ubuntu | 21.04 | noarch | linux | < 5.11.0-34.36 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-214.246 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1111.118 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1056.59 | UNKNOWN |
ubuntu | 21.04 | noarch | linux-aws | < 5.11.0-1017.18 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1096.101 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1132.146 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.11 | < 5.11.0-1017.18~20.04.1 | UNKNOWN |
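
A host-side exposure check based on the description and the `linux` package rows above, as an added example that is not part of the original advisory: it compares an installed package version against the fixed version for the release and reads the `nested` parameter of `kvm_amd`. The function names are hypothetical, the sample version is constructed, and the check assumes the stock `linux` package (other flavours such as `linux-aws` have their own rows).

```python
import re
from pathlib import Path

# Fixed versions of the `linux` package per Ubuntu release, copied from the table above.
FIXED_LINUX = {
    "16.04": "4.4.0-214.246",
    "18.04": "4.15.0-156.163",
    "20.04": "5.4.0-84.94",
    "21.04": "5.11.0-34.36",
}

def parse_version(version):
    """Split '5.4.0-84.94' into (5, 4, 0, 84, 94) for numeric comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def is_affected(release, pkg_version):
    """True/False if the table covers this kernel series, None if it does not."""
    fixed = FIXED_LINUX.get(release)
    if fixed is None:
        return None
    have, want = parse_version(pkg_version), parse_version(fixed)
    if have[:3] != want[:3]:  # different series (e.g. an HWE kernel): other rows apply
        return None
    return have < want

def nested_svm_enabled(param=Path("/sys/module/kvm_amd/parameters/nested")):
    """Read kvm_amd's 'nested' parameter; False when the module is not loaded."""
    try:
        return param.read_text().strip() in ("1", "Y", "y")
    except OSError:
        return False

def assess(release, pkg_version, nested):
    """Combine the version check with the nested-SVM setting into one verdict."""
    affected = is_affected(release, pkg_version)
    if affected is None:
        return "unknown: kernel series not in the linux package rows"
    if not affected:
        return "patched"
    return "vulnerable, nested SVM enabled" if nested else "vulnerable kernel, nested SVM off"

if __name__ == "__main__":
    # Constructed sample input; on a real host take the version from dpkg-query.
    print(assess("20.04", "5.4.0-81.91", nested_svm_enabled()))
```

A "vulnerable kernel, nested SVM off" result still calls for the kernel update; it only means L1 guests on this host cannot currently supply a nested VMCB.
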
github.com/torvalds/linux/commit/3d6368ef580a
launchpad.net/bugs/cve/CVE-2021-3653
nvd.nist.gov/vuln/detail/CVE-2021-3653
security-tracker.debian.org/tracker/CVE-2021-3653
ubuntu.com/security/notices/USN-5062-1
ubuntu.com/security/notices/USN-5070-1
ubuntu.com/security/notices/USN-5071-1
ubuntu.com/security/notices/USN-5071-2
ubuntu.com/security/notices/USN-5072-1
ubuntu.com/security/notices/USN-5073-1
ubuntu.com/security/notices/USN-5073-2
ubuntu.com/security/notices/USN-5082-1
www.cve.org/CVERecord?id=CVE-2021-3653
www.openwall.com/lists/oss-security/2021/08/16/1