CVE-2021-3653

kernel: SVM nested virtualization issue in KVM (AVIC support)

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

Se ha encontrado un fallo en el código AMD de KVM para soportar la virtualización anidada SVM. El fallo se produce cuando se procesa el VMCB (bloque de control de la máquina virtual) proporcionado por el huésped L1 para generar/manejar un huésped anidado (L2). Debido a que no se comprueba correctamente el campo "int_ctl", este problema podría permitir a un L1 malicioso habilitar el soporte AVIC (Advanced Virtual Interrupt Controller) para el huésped L2. Como resultado, el invitado L2 podría leer/escribir páginas físicas del anfitrión, resultando en un bloqueo de todo el sistema, un filtrado de datos confidenciales o un posible escape del invitado al anfitrión. Este fallo afecta a las versiones del kernel de Linux anteriores a 5.14-rc7

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-07-19 CVE Reserved
2021-09-08 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-08-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-862: Missing Authorization

CAPEC

References (6)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List

URL	Date	SRC
http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html	2024-08-03

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=1983686	2021-11-23
https://www.openwall.com/lists/oss-security/2021/08/16/1	2023-05-16

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-3653	2021-11-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 2.6.30 < 4.4.282 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.30 < 4.4.282"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.5 < 4.9.281 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9.281"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.10 < 4.14.245 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.10 < 4.14.245"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.15 < 4.19.205 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.205"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.142 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.142"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.5 < 5.10.60 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.60"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.11 < 5.13.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.11 < 5.13.12"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14 Search vendor "Linux" for product "Linux Kernel" and version "5.14"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14 Search vendor "Linux" for product "Linux Kernel" and version "5.14"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14 Search vendor "Linux" for product "Linux Kernel" and version "5.14"		rc3		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14 Search vendor "Linux" for product "Linux Kernel" and version "5.14"		rc4		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14 Search vendor "Linux" for product "Linux Kernel" and version "5.14"		rc5		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.14 Search vendor "Linux" for product "Linux Kernel" and version "5.14"		rc6		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected