Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-azure-5.8-cloud-tools-5.8.0-1041" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-azure-5.8-headers-5.8.0-1041" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-azure-5.8-tools-5.8.0-1041" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-buildinfo-5.8.0-1041-azure" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-cloud-tools-5.8.0-1041-azure" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-headers-5.8.0-1041-azure" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-image-unsigned-5.8.0-1041-azure" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-modules-5.8.0-1041-azure" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-modules-extra-5.8.0-1041-azure" }, { "binary_version": "5.8.0-1041.44~20.04.1", "binary_name": "linux-tools-5.8.0-1041-azure" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:20.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2021-3653" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2021-3656" } ] } }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "5.10.0-1045.47", "binary_name": "linux-buildinfo-5.10.0-1045-oem" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-headers-5.10.0-1045-oem" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-image-unsigned-5.10.0-1045-oem" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-modules-5.10.0-1045-oem" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-oem-5.10-headers-5.10.0-1045" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-oem-5.10-tools-5.10.0-1045" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-oem-5.10-tools-host" }, { "binary_version": "5.10.0-1045.47", "binary_name": "linux-tools-5.10.0-1045-oem" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:20.04:LTS", "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2021-3653" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "high", "type": "Ubuntu" } ], "id": "CVE-2021-3656" } ] } }