8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
A flaw was found in the KVM’s AMD code for supporting SVM nested
virtualization. The flaw occurs when processing the VMCB (virtual machine
control block) provided by the L1 guest to spawn/handle a nested guest
(L2). Due to improper validation of the “virt_ext” field, this issue could
allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS
(Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would
be allowed to read/write physical pages of the host, resulting in a crash
of the entire system, leak of sensitive data or potential guest-to-host
escape.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-156.163 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-84.94 | UNKNOWN |
ubuntu | 21.04 | noarch | linux | < 5.11.0-34.36 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1111.118 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1056.59 | UNKNOWN |
ubuntu | 21.04 | noarch | linux-aws | < 5.11.0-1017.18 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.11 | < 5.11.0-1017.18~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1056.59~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1111.118~16.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1058.60 | UNKNOWN |
github.com/torvalds/linux/commit/89c8a4984fc9
launchpad.net/bugs/cve/CVE-2021-3656
nvd.nist.gov/vuln/detail/CVE-2021-3656
security-tracker.debian.org/tracker/CVE-2021-3656
ubuntu.com/security/notices/USN-5070-1
ubuntu.com/security/notices/USN-5071-1
ubuntu.com/security/notices/USN-5071-2
ubuntu.com/security/notices/USN-5072-1
ubuntu.com/security/notices/USN-5073-1
ubuntu.com/security/notices/USN-5073-2
ubuntu.com/security/notices/USN-5082-1
www.cve.org/CVERecord?id=CVE-2021-3656
www.openwall.com/lists/oss-security/2021/08/16/1
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%