8.8

CVE-2021-3656

EPSS 0.06%
Published 04.03.2022 19:15:08
Last modified 21.11.2024 06:22:05
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.13 < 4.14.245

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.205

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.142

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.60

Linux ≫ Linux Kernel Version >= 5.11 < 5.13.12

Linux ≫ Linux Kernel Version5.14 Update-

Linux ≫ Linux Kernel Version5.14 Updaterc1

Linux ≫ Linux Kernel Version5.14 Updaterc2

Linux ≫ Linux Kernel Version5.14 Updaterc3

Linux ≫ Linux Kernel Version5.14 Updaterc4

Linux ≫ Linux Kernel Version5.14 Updaterc5

Linux ≫ Linux Kernel Version5.14 Updaterc6

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Redhat ≫ Software Collections Version-

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Openstack Version13

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.1

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.1

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux For Real Time Version7

Redhat ≫ Enterprise Linux For Real Time Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Version7

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version7.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.6

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.7

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Workstation Version7.0

Redhat ≫ 3scale Api Management Version2.0

Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Codeready Linux Builder Version-

   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Eus Version8.1
   Redhat ≫ Enterprise Linux Eus Version8.2
   Redhat ≫ Enterprise Linux Eus Version8.4
   Redhat ≫ Enterprise Linux For Power Little Endian Version8.0
   Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.1
   Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2
   Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Virtualization Host Version4.0

Redhat ≫ Enterprise Linux Version7.0
Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://www.openwall.com/lists/oss-security/2021/08/16/1

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1983988

Third Party Advisory

Issue Tracking

https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc

Patch

Third Party Advisory

https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-3656

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3656

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3656

EUVD