CVE-2021-3656 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Insufficient validation
Description	A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory.

Group	Package	Affected	Fixed	Severity	Status
AVG-2297	linux-lts	5.10.56-1	5.10.60-1	Medium	Fixed
AVG-2296	linux-zen	5.13.10.zen1-1	5.13.12.zen1-1	Medium	Fixed
AVG-2295	linux	5.13.10.arch1-1	5.13.12.arch1-1	Medium	Fixed
AVG-2234	linux-hardened	5.12.19.hardened1-1	5.13.13.hardened1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/08/16/1 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=639a033fd765ed473dfee27028df5ccbe1038a2e https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=3dc5666baf2a135f250e4101d41d5959ac2c2e1f

References

https://www.openwall.com/lists/oss-security/2021/08/16/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=639a033fd765ed473dfee27028df5ccbe1038a2e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=3dc5666baf2a135f250e4101d41d5959ac2c2e1f