First published: Wed Sep 08 2021(Updated: )
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/linux-image-oem-20.04b | <5.10.0.1045.47 | 5.10.0.1045.47 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.10.0-1045-oem | <5.10.0-1045.47 | 5.10.0-1045.47 |
=20.04 | ||
All of | ||
ubuntu/linux-image-oem-20.04 | <5.10.0.1045.47 | 5.10.0.1045.47 |
=20.04 | ||
All of | ||
ubuntu/linux-image-5.8.0-1041-azure | <5.8.0-1041.44~20.04.1 | 5.8.0-1041.44~20.04.1 |
=20.04 | ||
All of | ||
ubuntu/linux-image-azure | <5.8.0.1041.44~20.04.13 | 5.8.0.1041.44~20.04.13 |
=20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this security notice is USN-5072-1.
The title of this security notice is USN-5072-1: Linux kernel vulnerabilities.
The vulnerabilities mentioned in this security notice were discovered by Maxim Levitsky and Paolo Bonzini.
An attacker in a guest VM could use this vulnerability to read or write portions of the host's physical memory.
To fix this vulnerability, update the affected software to version 5.10.0.1045.47 or later.