CVE-2021-3656 log

Source
Severity Medium
Remote No
Type Insufficient validation
Description
A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory.
Group Package Affected Fixed Severity Status Ticket
AVG-2297 linux-lts 5.10.56-1 5.10.60-1 Medium Fixed
AVG-2296 linux-zen 5.13.10.zen1-1 5.13.12.zen1-1 Medium Fixed
AVG-2295 linux 5.13.10.arch1-1 5.13.12.arch1-1 Medium Fixed
AVG-2234 linux-hardened 5.12.19.hardened1-1 5.13.13.hardened1-1 Medium Fixed
References
https://www.openwall.com/lists/oss-security/2021/08/16/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=639a033fd765ed473dfee27028df5ccbe1038a2e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=3dc5666baf2a135f250e4101d41d5959ac2c2e1f