CVE-2021-3653

Source
Severity Medium
Remote No
Type Insufficient validation
Description
A security issue has been found in KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. The issue is caused by missing validation of the `int_ctl` VMCB field, which allows a malicious L1 guest to enable AVIC (Advanced Virtual Interrupt Controller) support for the L2 guest. The L2 guest is then able to write to a limited but still relatively large subset of the host physical memory. Note that AVIC is currently not supported with nesting and is not advertised in the L1 CPUID.
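An added illustration (not the kernel's code and not part of this advisory) of why validating `int_ctl` matters: a simplified C model that merges the L1-supplied field with host-owned bits, first with a deny-list and then with an allow-list. The bit positions, macro values and function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* int_ctl bit layout assumed for this example (modelled on the AMD SVM VMCB). */
#define V_TPR_MASK          0x0000000fu
#define V_IRQ_MASK          (1u << 8)
#define V_GIF_MASK          (1u << 9)
#define V_INTR_PRIO_MASK    (0x0fu << 16)
#define V_IGN_TPR_MASK      (1u << 20)
#define V_INTR_MASKING_MASK (1u << 24)
#define V_GIF_ENABLE_MASK   (1u << 25)
#define V_AVIC_ENABLE_MASK  (1u << 31)

/* Bits the host keeps under its own control (hypothetical grouping). */
#define HOST_OWNED_BITS (V_INTR_MASKING_MASK | V_GIF_MASK | V_GIF_ENABLE_MASK)
/* Bits the L1 guest is allowed to choose for L2 (hypothetical grouping). */
#define L1_ALLOWED_BITS (V_TPR_MASK | V_IRQ_MASK | V_INTR_PRIO_MASK | V_IGN_TPR_MASK)

/* Deny-list merge: every bit that is not host-owned is copied from L1's
 * value, so a feature bit nobody filtered (AVIC enable) passes through. */
uint32_t merge_int_ctl_denylist(uint32_t l1_requested, uint32_t host_value)
{
    return (l1_requested & ~HOST_OWNED_BITS) | (host_value & HOST_OWNED_BITS);
}

/* Allow-list merge: only explicitly permitted bits are copied from L1;
 * anything else L1 sets, including AVIC enable, is dropped. */
uint32_t merge_int_ctl_allowlist(uint32_t l1_requested, uint32_t host_value)
{
    return (l1_requested & L1_ALLOWED_BITS) | (host_value & HOST_OWNED_BITS);
}

int main(void)
{
    /* Constructed sample values, not taken from a real guest. */
    uint32_t host = V_INTR_MASKING_MASK | V_GIF_MASK;
    uint32_t l1   = V_AVIC_ENABLE_MASK | V_IRQ_MASK | 0x3u;

    uint32_t weak = merge_int_ctl_denylist(l1, host);
    uint32_t safe = merge_int_ctl_allowlist(l1, host);

    printf("deny-list : 0x%08x AVIC=%d\n", (unsigned)weak,
           (weak & V_AVIC_ENABLE_MASK) != 0);
    printf("allow-list: 0x%08x AVIC=%d\n", (unsigned)safe,
           (safe & V_AVIC_ENABLE_MASK) != 0);
    return 0;
}
```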
Group     Package         Affected             Fixed                Severity  Status  Ticket
AVG-2297  linux-lts       5.10.56-1            5.10.60-1            Medium    Fixed
AVG-2296  linux-zen       5.13.10.zen1-1       5.13.12.zen1-1       Medium    Fixed
AVG-2295  linux           5.13.10.arch1-1      5.13.12.arch1-1      Medium    Fixed
AVG-2234  linux-hardened  5.12.19.hardened1-1  5.13.13.hardened1-1  Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2021/08/16/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=a0949ee63cf95408870a564ccad163018b1a9e6b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=c0883f693187c646c0972d73e525523f9486c2e3