USN-5062-1

Details

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.

Affected Packages

Ubuntu:Pro:14.04:LTSlinux-aws

Fixed in:

4.4.0-1096.101

Ubuntu:Pro:14.04:LTSlinux-lts-xenial

Fixed in:

4.4.0-214.246~14.04.1

Ubuntu:Pro:16.04:LTSlinux

Fixed in:

4.4.0-214.246

Ubuntu:Pro:16.04:LTSlinux-aws

Fixed in:

4.4.0-1132.146

Ubuntu:Pro:16.04:LTSlinux-kvm

Fixed in:

4.4.0-1097.106

References

REPORThttps://ubuntu.com/security/CVE-2021-3653 ADVISORYhttps://ubuntu.com/security/notices/USN-5062-1

USN-5062-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline