A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
Attack Vector Local
Attack Complexity Low
Privileges Required Low
Scope Changed
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors | Products |
---|---|
Redhat |
|
Fedoraproject |
|
Linux |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
|
Configuration 5 [-]
AND |
|
Configuration 6 [-]
AND |
|
Configuration 7 [-]
AND |
|
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1983988 | Issue Tracking Third Party Advisory |
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc | Patch Third Party Advisory |
https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc | Patch Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/08/16/1 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-03-04T18:41:26
Updated: 2022-03-04T18:41:26
Reserved: 2021-07-21T00:00:00
Link: CVE-2021-3656
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-03-04T19:15:08.677
Modified: 2023-01-19T15:53:14.633
Link: CVE-2021-3656
JSON object: View
Redhat Information
No data.
CWE