fkie_cve-2021-3656
Vulnerability from fkie_nvd
Published
2022-03-04 19:15
Modified
2024-11-21 06:22
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1983988Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bcPatch, Third Party Advisory
secalert@redhat.comhttps://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bcPatch, Third Party Advisory
secalert@redhat.comhttps://www.openwall.com/lists/oss-security/2021/08/16/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1983988Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bcPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bcPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2021/08/16/1Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel 5.14
linux linux_kernel 5.14
linux linux_kernel 5.14
linux linux_kernel 5.14
linux linux_kernel 5.14
linux linux_kernel 5.14
linux linux_kernel 5.14
fedoraproject fedora 33
fedoraproject fedora 34
redhat software_collections -
redhat enterprise_linux_server 7.0
redhat openstack 13
redhat enterprise_linux 8.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_ibm_z_systems_eus 8.1
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_for_real_time 7
redhat enterprise_linux_for_real_time 8
redhat enterprise_linux_for_real_time_for_nfv 7
redhat enterprise_linux_for_real_time_for_nfv 8
redhat enterprise_linux_for_real_time_for_nfv_tus 8.2
redhat enterprise_linux_for_real_time_for_nfv_tus 8.4
redhat enterprise_linux_for_real_time_tus 8.2
redhat enterprise_linux_for_real_time_tus 8.4
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
redhat enterprise_linux_workstation 7.0
redhat 3scale_api_management 2.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat codeready_linux_builder -
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.1
redhat enterprise_linux_eus 8.2
redhat enterprise_linux_eus 8.4
redhat enterprise_linux_for_power_little_endian 8.0
redhat enterprise_linux_for_power_little_endian_eus 8.1
redhat enterprise_linux_for_power_little_endian_eus 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat virtualization_host 4.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46647E49-211F-401B-B550-1C33058B2150",
              "versionEndExcluding": "4.14.245",
              "versionStartIncluding": "4.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DFB089B-C0CD-422B-9182-497E5451AD10",
              "versionEndExcluding": "4.19.205",
              "versionStartIncluding": "4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BABFD545-0405-4B3C-89BF-B7B0A9A5DCDF",
              "versionEndExcluding": "5.4.142",
              "versionStartIncluding": "4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58120FFF-3B1B-4287-A7D3-657641443823",
              "versionEndExcluding": "5.10.60",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31610D4-4A14-453C-8ECC-AFF86AC4D24D",
              "versionEndExcluding": "5.13.12",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*",
              "matchCriteriaId": "6A05198E-F8FA-4517-8D0E-8C95066AED38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "71268287-21A8-4488-AA4F-23C473153131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "23B9E5C6-FAB5-4A02-9E39-27C8787B0991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "D185CF67-7E4A-4154-93DB-CE379C67DB56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "D1DA0AF6-02F4-47C7-A318-8C006ED0C665",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "49DD30B1-8C99-4C38-A66B-CAB3827BEE8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.14:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "15013998-4AF0-4CDC-AB13-829ECD8A8E66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "280D547B-F204-4848-9262-A103176B740C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB105EC-19F9-424A-86F1-305A6FD74A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B15608-BABC-4663-A58F-B74BD2D1A734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E85B24-30F2-42AB-9F68-8668C0FCC5E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CB3640-F55B-4127-875A-2F52D873D179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C61DDC-81F3-4E2D-9CAA-17A256C85443",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B0DA79-DF12-4418-B075-F048C9E2979A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92409A9-0D6B-4B7E-8847-1B63837D201F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C5860E-9FEB-4259-92FD-A85911E2F99E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B5CF5A-D48E-4AD0-91E2-F5BDD44B7A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C450C83-695F-4408-8B4F-0E7D6DDAE345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3707B08D-8A78-48CB-914C-33A753D13FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5434CC8-66E0-4378-AAB3-B2FECDDE61BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD81C46-328B-412D-AF4E-68A2AD2F1A73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en el c\u00f3digo AMD de KVM para soportar la virtualizaci\u00f3n anidada SVM. El fallo es producido cuando es procesado el VMCB (bloque de control de la m\u00e1quina virtual) proporcionado por el hu\u00e9sped L1 para generar/manejar un hu\u00e9sped anidado (L2). Debido a que no es comprobado apropiadamente el campo \"virt_ext\", este problema podr\u00eda permitir a un L1 malicioso deshabilitar tanto las intercepciones VMLOAD/VMSAVE como el VLS (Virtual VMLOAD/VMSAVE) para el hu\u00e9sped L2. Como resultado, el invitado L2 podr\u00eda leer/escribir p\u00e1ginas f\u00edsicas del anfitri\u00f3n, resultando en un bloqueo de todo el sistema, un filtrado de datos confidenciales o un potencial escape del invitado al anfitri\u00f3n"
    }
  ],
  "id": "CVE-2021-3656",
  "lastModified": "2024-11-21T06:22:05.187",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-04T19:15:08.677",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983988"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/08/16/1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.