CVE-2021-3656

CVSS v3.1 8.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.04 % (5th)
Affected Products 31
Advisories 50

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Weaknesses
CWE-862
Missing Authorization
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2022-03-04 19:15:08
(2 years ago)
Updated Date
2023-01-19 15:53:14
(20 months ago)

Affected Products


Configuration #1

AND
    CPE23 From Up To
OR  
  Linux Kernel from 4.13 version and prior 4.14.245 version cpe:2.3:o:linux:linux_kernel >= 4.13 < 4.14.245
OR  
  Running on/with
  Linux Kernel from 4.15 version and prior 4.19.205 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.205
OR  
  Running on/with
  Linux Kernel from 4.20 version and prior 5.4.142 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.142
OR  
  Running on/with
  Linux Kernel from 5.5 version and prior 5.10.60 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.60
OR  
  Running on/with
  Linux Kernel from 5.11 version and prior 5.13.12 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.13.12
OR  
  Running on/with
  Linux Kernel 5.14 cpe:2.3:o:linux:linux_kernel:5.14:-
OR  
  Running on/with
  Linux Kernel 5.14 Rc1 cpe:2.3:o:linux:linux_kernel:5.14:rc1
OR  
  Running on/with
  Linux Kernel 5.14 Rc2 cpe:2.3:o:linux:linux_kernel:5.14:rc2
OR  
  Running on/with
  Linux Kernel 5.14 Rc3 cpe:2.3:o:linux:linux_kernel:5.14:rc3
OR  
  Running on/with
  Linux Kernel 5.14 Rc4 cpe:2.3:o:linux:linux_kernel:5.14:rc4
OR  
  Running on/with
  Linux Kernel 5.14 Rc5 cpe:2.3:o:linux:linux_kernel:5.14:rc5
OR  
  Running on/with
  Linux Kernel 5.14 Rc6 cpe:2.3:o:linux:linux_kernel:5.14:rc6

Configuration #2

AND
    CPE23 From Up To
OR  
  Fedoraproject Fedora 33 cpe:2.3:o:fedoraproject:fedora:33
OR  
  Running on/with
  Fedoraproject Fedora 34 cpe:2.3:o:fedoraproject:fedora:34

Configuration #3

AND
    CPE23 From Up To
OR  
  Redhat Software Collections cpe:2.3:a:redhat:software_collections:-
OR  
  Running on/with
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0

Configuration #4

AND
    CPE23 From Up To
OR  
  Redhat Openstack 13 cpe:2.3:a:redhat:openstack:13
OR  
  Running on/with
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
OR  
  Running on/with
  Redhat Enterprise Linux Desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
OR  
  Running on/with
  Redhat Enterprise Linux Eus 8.1 cpe:2.3:o:redhat:enterprise_linux_eus:8.1
OR  
  Running on/with
  Redhat Enterprise Linux Eus 8.2 cpe:2.3:o:redhat:enterprise_linux_eus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_eus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux for Ibm Z Systems 7.0 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0
OR  
  Running on/with
  Redhat Enterprise Linux for Ibm Z Systems 8.0 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0
OR  
  Running on/with
  Redhat Enterprise Linux for Ibm Z Systems Eus 8.1 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1
OR  
  Running on/with
  Redhat Enterprise Linux for Ibm Z Systems Eus 8.2 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux for Ibm Z Systems Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux for Power Big Endian 7.0 cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian 7.0 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian 8.0 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian Eus 8.1 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian Eus 8.2 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time 7 cpe:2.3:o:redhat:enterprise_linux_for_real_time:7
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time 8 cpe:2.3:o:redhat:enterprise_linux_for_real_time:8
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time For Nfv 7 cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time For Nfv 8 cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time For Nfv Tus 8.2 cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time For Nfv Tus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time Tus 8.2 cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux for Real Time Tus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux for Scientific Computing 7.0 cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0
OR  
  Running on/with
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
OR  
  Running on/with
  Redhat Enterprise Linux Server Aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
OR  
  Running on/with
  Redhat Enterprise Linux Server Aus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
OR  
  Running on/with
  Redhat Enterprise Linux Server Aus 8.2 cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux Server Aus 8.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 7.6 cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6
OR  
  Running on/with
  Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 8.1 cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1
OR  
  Running on/with
  Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 8.2 cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2
OR  
  Running on/with
  Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 8.4 cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4
OR  
  Running on/with
  Redhat Enterprise Linux Server Tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
OR  
  Running on/with
  Redhat Enterprise Linux Server Tus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
OR  
  Running on/with
  Redhat Enterprise Linux Server Tus 8.2 cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux Server Tus 8.4 cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux Server Update Services for Sap Solutions 7.6 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6
OR  
  Running on/with
  Redhat Enterprise Linux Server Update Services for Sap Solutions 7.7 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7
OR  
  Running on/with
  Redhat Enterprise Linux Server Update Services for Sap Solutions 8.1 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1
OR  
  Running on/with
  Redhat Enterprise Linux Server Update Services for Sap Solutions 8.2 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2
OR  
  Running on/with
  Redhat Enterprise Linux Server Update Services for Sap Solutions 8.4 cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4
OR  
  Running on/with
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #5

AND
    CPE23 From Up To
OR  
  Redhat 3scale Api Management 2.0 cpe:2.3:a:redhat:3scale_api_management:2.0
OR  
  Running on/with
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
OR  
  Running on/with
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #6

AND
    CPE23 From Up To
OR  
  Redhat Codeready Linux Builder cpe:2.3:a:redhat:codeready_linux_builder:-
OR  
  Running on/with
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
OR  
  Running on/with
  Redhat Enterprise Linux Eus 8.1 cpe:2.3:o:redhat:enterprise_linux_eus:8.1
OR  
  Running on/with
  Redhat Enterprise Linux Eus 8.2 cpe:2.3:o:redhat:enterprise_linux_eus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_eus:8.4
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian 8.0 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian Eus 8.1 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian Eus 8.2 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2
OR  
  Running on/with
  Redhat Enterprise Linux for Power Little Endian Eus 8.4 cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4

Configuration #7

AND
    CPE23 From Up To
OR  
  Redhat Virtualization Host 4.0 cpe:2.3:a:redhat:virtualization_host:4.0
OR  
  Running on/with
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
OR  
  Running on/with
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0