CVE-2021-3653 - log back

CVE-2021-3653 edited at 23 Aug 2021 11:21:48
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest is able to write to a limited but still relatively large subset of the host physical memory. Note that AVIC is currently not supported with nesting and it is not advertised in the L1 CPUID.
References
+ https://www.openwall.com/lists/oss-security/2021/08/16/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=a0949ee63cf95408870a564ccad163018b1a9e6b
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=c0883f693187c646c0972d73e525523f9486c2e3
CVE-2021-3653 created at 23 Aug 2021 11:19:18
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes