USN-5072-1

Details

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656)

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)

Affected Packages

Ubuntu:20.04:LTSlinux-azure-5.8

Fixed in:

5.8.0-1041.44~20.04.1

Ubuntu:20.04:LTSlinux-oem-5.10

Fixed in:

5.10.0-1045.47

References

REPORThttps://ubuntu.com/security/CVE-2021-3653 REPORThttps://ubuntu.com/security/CVE-2021-3656 ADVISORYhttps://ubuntu.com/security/notices/USN-5072-1

USN-5072-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline