A security issue has been found in KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. The issue is caused by missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC (Advanced Virtual Interrupt Controller) support for the L2 guest. The L2 guest is then able to write to a limited but still relatively large subset of the host physical memory. Note that AVIC is currently not supported with nesting and is not advertised in the L1 CPUID.
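The validation gap described above, as an added user-space model that is not kernel code and not part of the original advisory: it contrasts passing L1's `int_ctl` bits through unchecked with an allow-list merge that drops the AVIC enable bit. The bit positions follow the AMD APM VMCB layout; the function names, mask names and sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* int_ctl bit layout (AMD APM vol. 2, VMCB control area). */
#define V_TPR_MASK          0x0fu
#define V_IRQ_MASK          (1u << 8)
#define V_GIF_MASK          (1u << 9)
#define V_INTR_PRIO_MASK    (0x0fu << 16)
#define V_IGN_TPR_MASK      (1u << 20)
#define V_INTR_MASKING_MASK (1u << 24)
#define V_GIF_ENABLE_MASK   (1u << 25)
#define AVIC_ENABLE_MASK    (1u << 31)

/* Hypothetical names: bits L1 may legitimately set for L2 (TPR, IRQ injection). */
#define FROM_L1_BITS \
    (V_TPR_MASK | V_IRQ_MASK | V_INTR_PRIO_MASK | V_IGN_TPR_MASK)
/* Hypothetical names: bits that always come from the host's own VMCB. */
#define FROM_HOST_BITS \
    (V_INTR_MASKING_MASK | V_GIF_MASK | V_GIF_ENABLE_MASK)

/* Missing validation: every L1 bit outside the host mask reaches the
 * VMCB that runs L2, including AVIC_ENABLE. */
uint32_t merge_int_ctl_unchecked(uint32_t host, uint32_t l1)
{
    return (host & FROM_HOST_BITS) | (l1 & ~FROM_HOST_BITS);
}

/* Allow-list merge: anything outside both masks is dropped, so L1
 * cannot turn on features that were never advertised to it. */
uint32_t merge_int_ctl_checked(uint32_t host, uint32_t l1)
{
    return (host & FROM_HOST_BITS) | (l1 & FROM_L1_BITS);
}

int main(void)
{
    uint32_t host = V_INTR_MASKING_MASK;                 /* constructed */
    uint32_t l1   = AVIC_ENABLE_MASK | V_IRQ_MASK | 0x3; /* constructed */
    uint32_t bad  = merge_int_ctl_unchecked(host, l1);
    uint32_t good = merge_int_ctl_checked(host, l1);

    printf("unchecked: 0x%08x AVIC=%d\n", (unsigned)bad,
           (bad & AVIC_ENABLE_MASK) != 0);
    printf("checked:   0x%08x AVIC=%d\n", (unsigned)good,
           (good & AVIC_ENABLE_MASK) != 0);
    return 0;
}
```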