CVE-2021-3656 - log back

CVE-2021-3656 edited at 23 Aug 2021 11:22:43
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory.
References
+ https://www.openwall.com/lists/oss-security/2021/08/16/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=639a033fd765ed473dfee27028df5ccbe1038a2e
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=3dc5666baf2a135f250e4101d41d5959ac2c2e1f
CVE-2021-3656 created at 23 Aug 2021 11:19:18
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes