PT-2021-6073 · Linux · Linux Kernel

Maxim Levitsky · Published 2021-08-16 · Updated 2024-06-15 · CVE-2021-3653

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.14-rc7

Description

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the `int_ctl` field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Recommendations

For Linux kernel versions prior to 5.14-rc7, update to version 5.14-rc7 or later to resolve the issue. As a temporary workaround, consider disabling the nested virtualization feature until a patch is available. Restrict access to the VMCB to minimize the risk of exploitation. Avoid using the `int_ctl` field in the VMCB until the issue is resolved.
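
The description above comes down to which `int_ctl` bits a hypervisor copies from the L1-supplied VMCB into the control block it actually runs L2 with. The following is an added example, not code from this advisory or from the kernel: a simplified model contrasting a deny-list merge with an allow-list merge. The function names, the `HOST_BITS`/`GUEST_BITS` split and the sample values are assumptions of this example; the bit positions follow the AMD VMCB layout.

```c
#include <stdint.h>
#include <stdio.h>

/* int_ctl bit layout (AMD VMCB); macro names are this example's own. */
#define V_TPR_MASK          0x0000000fu
#define V_IRQ_MASK          (1u << 8)
#define V_GIF_MASK          (1u << 9)
#define V_INTR_PRIO_MASK    (0xfu << 16)
#define V_IGN_TPR_MASK      (1u << 20)
#define V_INTR_MASKING_MASK (1u << 24)
#define V_GIF_ENABLE_MASK   (1u << 25)
#define AVIC_ENABLE_MASK    (1u << 31)

/* Bits the host (L0) always decides for itself. */
#define HOST_BITS  (V_INTR_MASKING_MASK | V_GIF_MASK | V_GIF_ENABLE_MASK)
/* Bits L1 has a legitimate reason to set for L2 (interrupt injection state). */
#define GUEST_BITS (V_TPR_MASK | V_IRQ_MASK | V_INTR_PRIO_MASK | V_IGN_TPR_MASK)

/* Deny-list merge: every bit outside HOST_BITS is taken from L1's VMCB,
 * so any bit nobody thought to exclude (AVIC enable here) passes through. */
uint32_t merge_denylist(uint32_t l1_int_ctl, uint32_t host_int_ctl)
{
    return (l1_int_ctl & ~HOST_BITS) | (host_int_ctl & HOST_BITS);
}

/* Allow-list merge: only GUEST_BITS are taken from L1; everything else,
 * including bits defined by future hardware, is dropped. */
uint32_t merge_allowlist(uint32_t l1_int_ctl, uint32_t host_int_ctl)
{
    return (l1_int_ctl & GUEST_BITS) | (host_int_ctl & HOST_BITS);
}

int main(void)
{
    /* Constructed sample values, not taken from a real guest. */
    uint32_t host = V_INTR_MASKING_MASK | V_GIF_MASK | V_GIF_ENABLE_MASK;
    uint32_t l1   = AVIC_ENABLE_MASK | V_IRQ_MASK | 0x3u;

    uint32_t weak = merge_denylist(l1, host);
    uint32_t safe = merge_allowlist(l1, host);

    printf("deny-list : 0x%08x AVIC=%d\n", (unsigned)weak, !!(weak & AVIC_ENABLE_MASK));
    printf("allow-list: 0x%08x AVIC=%d\n", (unsigned)safe, !!(safe & AVIC_ENABLE_MASK));
    return 0;
}
```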

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

ALSA-2021:3548
ALT-PU-2021-2564
ALT-PU-2021-2640
ALT-PU-2021-2643
ALT-PU-2021-2644
ALT-PU-2021-2658
ALT-PU-2021-2659
ALT-PU-2021-2661
ALT-PU-2021-2662
ALT-PU-2021-2672
ALT-PU-2021-2677
ALT-PU-2021-2678
ALT-PU-2021-2691
ALT-PU-2021-2737
ALT-PU-2021-2748
ALT-PU-2021-2751
ALT-PU-2021-2901
ALT-PU-2021-2985
ALT-PU-2021-2986
ALT-PU-2021-2989
ALT-PU-2021-2990
ALT-PU-2021-2996
ALT-PU-2021-3000
ALT-PU-2021-3002
ALT-PU-2021-3007
ALT-PU-2021-3015
ALT-PU-2021-3021
ALT-PU-2021-3022
ALT-PU-2021-3067
ALT-PU-2021-3477
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-1240
ALT-PU-2022-2096
ALT-PU-2023-4894
AZL-6575
BDU:2022-00682
CESA-2021_3547
CESA-2021_3548
CESA-2021_3801
CVE-2021-3653
DLA-2785-1
DLA-2843-1
DSA-4978-1
LSN-0081-1
LSN-0083-1
MGASA-2021-0409
MGASA-2021-0410
OESA-2021-1366
OPENSUSE-SU-2021:1271-1
OPENSUSE-SU-2021:3179-1
OPENSUSE-SU-2021:3205-1
OPENSUSE-SU-2021:3876-1
OPENSUSE-SU-2021_1271-1
OPENSUSE-SU-2021_3179-1
OPENSUSE-SU-2021_3205-1
OPENSUSE-SU-2021_3876-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2021:3547
RHSA-2021:3548
RHSA-2021:3676
RHSA-2021:3767
RHSA-2021:3801
RHSA-2021:3802
RHSA-2021:3812
RHSA-2021:3904
RHSA-2021:3909
RHSA-2021:3987
RHSA-2021:4692
RHSA-2021:4768
RHSA-2021_3547
RHSA-2021_3548
RHSA-2021_3801
RHSA-2021_3802
RLSA-2021:3547
RLSA-2021:3548
SUSE-SU-2021:14849-1
SUSE-SU-2021:3073-1
SUSE-SU-2021:3177-1
SUSE-SU-2021:3178-1
SUSE-SU-2021:3179-1
SUSE-SU-2021:3192-1
SUSE-SU-2021:3196-1
SUSE-SU-2021:3205-1
SUSE-SU-2021:3205-2
SUSE-SU-2021:3206-1
SUSE-SU-2021:3207-1
SUSE-SU-2021:3217-1
SUSE-SU-2021:3415-1
SUSE-SU-2021:3876-1
SUSE-SU-2021:3929-1
SUSE-SU-2021:3935-1
SUSE-SU-2021:3969-1
SUSE-SU-2021:3972-1
SUSE-SU-2021_14849-1
SUSE-SU-2021_3073-1
SUSE-SU-2021_3196-1
USN-5062-1
USN-5070-1
USN-5071-1
USN-5071-2
USN-5072-1
USN-5073-1
USN-5073-2
USN-5082-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu