- Vulnerability/
- USN-5072-1
USN-5072-1: Linux kernel vulnerabilities
First published: Wed Sep 08 2021(Updated: )
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656) Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/linux-image-oem-20.04b | <5.10.0.1045.47 | 5.10.0.1045.47 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.10.0-1045-oem | <5.10.0-1045.47 | 5.10.0-1045.47 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-oem-20.04 | <5.10.0.1045.47 | 5.10.0.1045.47 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-5.8.0-1041-azure | <5.8.0-1041.44~20.04.1 | 5.8.0-1041.44~20.04.1 |
| =20.04 | ||
| All of | ||
| ubuntu/linux-image-azure | <5.8.0.1041.44~20.04.13 | 5.8.0.1041.44~20.04.13 |
| =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2021-3656
- https://ubuntu.com/security/CVE-2021-3653
- https://ubuntu.com/security/notices/USN-5070-1
- https://ubuntu.com/security/notices/USN-5071-1
- https://ubuntu.com/security/notices/USN-5073-1
- https://ubuntu.com/security/notices/LSN-0081-1
- https://ubuntu.com/security/notices/USN-5071-2
- https://ubuntu.com/security/notices/USN-5082-1
- https://ubuntu.com/security/notices/USN-5073-2
- https://ubuntu.com/security/notices/USN-5062-1
- https://ubuntu.com/security/notices/LSN-0083-1
- https://launchpad.net/ubuntu/+source/linux-meta-oem-5.10/5.10.0.1045.47
- https://launchpad.net/ubuntu/+source/linux-signed-oem-5.10/5.10.0-1045.47
- https://launchpad.net/ubuntu/+source/linux-signed-azure-5.8/5.8.0-1041.44~20.04.1
- https://launchpad.net/ubuntu/+source/linux-meta-azure-5.8/5.8.0.1041.44~20.04.13
- https://ubuntu.com/security/notices/USN-5072-1 (Advisory)
Frequently Asked Questions
What is the vulnerability ID for this security notice?
The vulnerability ID for this security notice is USN-5072-1.
What is the title of this security notice?
The title of this security notice is USN-5072-1: Linux kernel vulnerabilities.
Who discovered the vulnerabilities mentioned in this security notice?
The vulnerabilities mentioned in this security notice were discovered by Maxim Levitsky and Paolo Bonzini.
What can an attacker do with this vulnerability?
An attacker in a guest VM could use this vulnerability to read or write portions of the host's physical memory.
How can I fix this vulnerability?
To fix this vulnerability, update the affected software to version 5.10.0.1045.47 or later.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-5070-1
- anchor-related/USN-5071-1
- anchor-related/USN-5073-1
- anchor-related/USN-5071-2
- anchor-related/USN-5082-1
- anchor-related/USN-5073-2
- anchor-related/USN-5062-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/20.04