1. Home
  2. Vulnerabilities
  3. CVE-2021-3653

CVE-2021-3653

CVSS v3.1 8.8 (High)
88% Progress
CVSS v2.0 6.1 (Medium)
61% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 3
Advisories 54
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

Weaknesses
CWE-862
Missing Authorization
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2021-09-29 20:15:08
(3 years ago)
Updated Date
2023-05-16 10:49:00
(16 months ago)

Affected Products

Debian

Linux

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel from 2.6.30 version and prior 4.4.282 version cpe:2.3:o:linux:linux_kernel >= 2.6.30 < 4.4.282
  Linux Kernel from 4.5 version and prior 4.9.281 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.281
  Linux Kernel from 4.10 version and prior 4.14.245 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.245
  Linux Kernel from 4.15 version and prior 4.19.205 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.205
  Linux Kernel from 4.20 version and prior 5.4.142 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.142
  Linux Kernel from 5.5 version and prior 5.10.60 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.60
  Linux Kernel from 5.11 version and prior 5.13.12 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.13.12
  Linux Kernel 5.14 Rc1 cpe:2.3:o:linux:linux_kernel:5.14:rc1
  Linux Kernel 5.14 Rc2 cpe:2.3:o:linux:linux_kernel:5.14:rc2
  Linux Kernel 5.14 Rc3 cpe:2.3:o:linux:linux_kernel:5.14:rc3
  Linux Kernel 5.14 Rc4 cpe:2.3:o:linux:linux_kernel:5.14:rc4
  Linux Kernel 5.14 Rc5 cpe:2.3:o:linux:linux_kernel:5.14:rc5
  Linux Kernel 5.14 Rc6 cpe:2.3:o:linux:linux_kernel:5.14:rc6

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0

Configuration #3

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0