Main Vulnerability Database Vulnerabilities #VU56904

Security restrictions bypass in Linux kernel - CVE-2021-3653

Published: September 28, 2021

Vulnerability identifier: #VU56904

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-3653

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a malicious guest to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions within the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest.

As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

How to mitigate CVE-2021-3653

Install updates from vendor's website.

Sources

https://bugzilla.redhat.com/show_bug.cgi?id=1983686

Security restrictions bypass in Linux kernel - CVE-2021-3653

Detailed vulnerability description

How to mitigate CVE-2021-3653

Sources

Please verify you're human