Vulnerability Description
A flaw was found in KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when KVM processes the VMCB (virtual machine control block) that the L1 guest provides to spawn or handle a nested guest (L2). Because the "virt_ext" field is not properly validated, a malicious L1 can disable both the VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read and write physical pages of the host, resulting in a crash of the entire system, a leak of sensitive data, or a potential guest-to-host escape.
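The invariant behind this description, as an added example that is not code from the kernel or from this advisory: a simplified C model in which the host must never run L2 with VMLOAD/VMSAVE neither intercepted nor virtualized by VLS. The struct, function names and bit positions are constructed for illustration, and the hardened function shows one way to enforce the invariant rather than the upstream patch itself.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit positions for this model; not the kernel's VMCB layout. */
#define ICPT_VMLOAD  (1u << 0)   /* exit to the host when L2 executes VMLOAD */
#define ICPT_VMSAVE  (1u << 1)   /* exit to the host when L2 executes VMSAVE */
#define VIRT_EXT_VLS (1ull << 0) /* Virtual VMLOAD/VMSAVE enabled */

struct vmcb_ctl {                /* the two control fields the advisory names */
    uint32_t intercepts;
    uint64_t virt_ext;
};

/* Flawed pattern: L1's intercepts and virt_ext reach the VMCB used to run L2
 * without validation. */
static struct vmcb_ctl prepare_l2_unvalidated(struct vmcb_ctl l1)
{
    return l1;
}

/* Hardened pattern (assumption of this model): whatever L1 asked for, the
 * host keeps both intercepts set, so VMLOAD/VMSAVE in L2 always exit. */
static struct vmcb_ctl prepare_l2_validated(struct vmcb_ctl l1)
{
    struct vmcb_ctl out = l1;
    out.intercepts |= ICPT_VMLOAD | ICPT_VMSAVE;
    return out;
}

/* Unsafe state from the description: an instruction that is neither
 * intercepted nor virtualized by VLS operates on host physical memory. */
static bool l2_reaches_host_memory(struct vmcb_ctl c)
{
    bool both_intercepted = (c.intercepts & ICPT_VMLOAD) &&
                            (c.intercepts & ICPT_VMSAVE);
    bool vls_on = (c.virt_ext & VIRT_EXT_VLS) != 0;
    return !both_intercepted && !vls_on;
}

int main(void)
{
    struct vmcb_ctl hostile = { .intercepts = 0, .virt_ext = 0 }; /* constructed L1 input */
    printf("unvalidated: unsafe=%d\n",
           l2_reaches_host_memory(prepare_l2_unvalidated(hostile)));
    printf("validated:   unsafe=%d\n",
           l2_reaches_host_memory(prepare_l2_validated(hostile)));
    return 0;
}
```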
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.13, < 4.14.245 |
| Fedoraproject | Fedora | 33 |
| Redhat | Software Collections | - |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Openstack | 13 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 8.1 |
| Redhat | Enterprise Linux For Ibm Z Systems | 7.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.1 |
| Redhat | Enterprise Linux For Power Big Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.1 |
| Redhat | Enterprise Linux For Real Time | 7 |
| Redhat | Enterprise Linux For Real Time For Nfv | 7 |
| Redhat | Enterprise Linux For Real Time For Nfv Tus | 8.2 |
| Redhat | Enterprise Linux For Real Time Tus | 8.2 |
| Redhat | Enterprise Linux For Scientific Computing | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 7.6 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1983988 (Issue Tracking, Third Party Advisory)
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b32 (Patch, Third Party Advisory)
- https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0b (Patch, Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2021/08/16/1 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2021-3656?
CVE-2021-3656 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nes...
How severe is CVE-2021-3656?
CVE-2021-3656 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3656?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Redhat Software Collections, Redhat Enterprise Linux Server, Redhat Openstack.