First published: Thu Sep 16 2021
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)

Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. (CVE-2021-3609)
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/linux-image-oem-20.04c on Ubuntu 20.04 | <5.13.0.1012.16 | 5.13.0.1012.16 |
ubuntu/linux-image-5.13.0-1012-oem on Ubuntu 20.04 | <5.13.0-1012.16 | 5.13.0-1012.16 |
The severity of USN-5082-1 is high.
USN-5082-1 describes a vulnerability in the Linux kernel that allows an attacker to read or write portions of the host's physical memory.
An attacker can exploit USN-5082-1 by running a malicious guest VM and using it to disable restrictions on VMLOAD/VMSAVE in a nested guest.
The affected software includes the Linux kernel images linux-image-oem-20.04c and linux-image-5.13.0-1012-oem on Ubuntu 20.04.
To fix USN-5082-1, update the affected software to version 5.13.0.1012.16 or later.
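To check a host against the fixed versions listed in this advisory, the following added example (not part of the advisory or of Ubuntu's tooling) compares installed package versions using Debian version ordering, since a plain string comparison would rank `1012.9` above `1012.16`. It assumes the host is Ubuntu 20.04 and that the input lines come from `dpkg-query -W -f='${Package} ${Version}\n'`; the sample input is constructed.

```python
import re

# Fixed versions copied from the advisory's table (Ubuntu 20.04 packages).
FIXED = {
    "linux-image-oem-20.04c": "5.13.0.1012.16",
    "linux-image-5.13.0-1012-oem": "5.13.0-1012.16",
}

def _rank(ch):
    # Debian ordering in non-digit runs: '~' < end of string (0) < letters < others.
    return -1 if ch == "~" else ord(ch) + (0 if ch.isalpha() else 256)

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg orders versions.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ka = [_rank(c) for c in na] + [0, int(da or 0)]
        kb = [_rank(c) for c in nb] + [0, int(db or 0)]
        if ka != kb:
            return -1 if ka < kb else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch or revision compares as 0.
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(dpkg_lines):
    # Map each affected package that is installed to "vulnerable" or "fixed".
    result = {}
    for line in dpkg_lines.splitlines():
        pkg, _, ver = line.strip().partition(" ")
        if pkg in FIXED and ver:
            result[pkg] = "vulnerable" if deb_cmp(ver, FIXED[pkg]) < 0 else "fixed"
    return result

# Constructed sample input, not taken from a real host.
SAMPLE = "linux-image-oem-20.04c 5.13.0.1011.15\nlinux-image-5.13.0-1012-oem 5.13.0-1012.16\nbash 5.0-6\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An installed fixed package only takes effect once the host has rebooted into the new kernel, so the running kernel should be checked as well.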