Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Insufficient validation |
|
Description |
+ |
A security issue has been found in KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory. |
|
References |
+ |
https://www.openwall.com/lists/oss-security/2021/08/16/1 |
+ |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=639a033fd765ed473dfee27028df5ccbe1038a2e |
+ |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=3dc5666baf2a135f250e4101d41d5959ac2c2e1f |
|
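
A simplified user-space model of the condition in the description, added here as an example; it is not the kernel's code or the upstream fix. The struct, the function names and the bit positions are assumptions made for the model, and the input in `main` is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions chosen for this model (hypothetical names, not kernel macros). */
#define ICPT_VMLOAD  (1u << 2)
#define ICPT_VMSAVE  (1u << 3)
#define VIRT_EXT_VLS (1ull << 1)

/* Simplified stand-in for the VMCB control area. */
struct vmcb_ctl {
    uint32_t intercepts;
    uint64_t virt_ext;
};

/* True when VMLOAD or VMSAVE would run in L2 neither intercepted nor
 * virtualized by VLS, i.e. directly against host physical memory. */
bool vmload_vmsave_exposed(struct vmcb_ctl c)
{
    bool both = (c.intercepts & ICPT_VMLOAD) && (c.intercepts & ICPT_VMSAVE);
    return !both && !(c.virt_ext & VIRT_EXT_VLS);
}

/* "Before": the host ORs in its own intercepts but trusts L1's virt_ext. */
struct vmcb_ctl merge_unchecked(struct vmcb_ctl host, struct vmcb_ctl l1)
{
    struct vmcb_ctl l2 = { host.intercepts | l1.intercepts, l1.virt_ext };
    return l2;
}

/* "After": L1 cannot turn VLS on or off for L2 in this model, so the host
 * drops that bit and always intercepts both instructions itself. */
struct vmcb_ctl merge_validated(struct vmcb_ctl host, struct vmcb_ctl l1)
{
    struct vmcb_ctl l2 = merge_unchecked(host, l1);
    l2.virt_ext &= ~VIRT_EXT_VLS;
    l2.intercepts |= ICPT_VMLOAD | ICPT_VMSAVE;
    return l2;
}

int main(void)
{
    /* Constructed input: host relies on VLS for L1; L1 requests neither. */
    struct vmcb_ctl host = { 0, VIRT_EXT_VLS }, l1 = { 0, 0 };
    printf("unchecked exposed: %d\n", vmload_vmsave_exposed(merge_unchecked(host, l1)));
    printf("validated exposed: %d\n", vmload_vmsave_exposed(merge_validated(host, l1)));
    return 0;
}
```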