Vulnetix
Try Vulnetix Request Demo
CVE-2021-29657 PUBLISHED

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.

EPSS 0.04% · 13.1th percentile

Risk Scores

EPSS Score
0.04%
13.1th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSlinux-oracle-5.35.3.0-1028.30~18.04.1, 5.3.0-1027.29~18.04.1, 5.3.0-1024.26~18.04.1
Ubuntu:18.04:LTSlinux-azure5.0.0-1016.17~18.04.1, 5.0.0-1014.14~18.04.1, 4.18.0-1025.27~18.04.1
Ubuntu:16.04:LTSlinux-hwe-edge4.8.0-34.36~16.04.1, 0, 4.8.0-28.30~16.04.1
Ubuntu:18.04:LTSlinux-gke-4.154.15.0-1040.42, 4.15.0-1057.60, 4.15.0-1058.61
Ubuntu:18.04:LTSlinux-azure-edge5.0.0-1012.12~18.04.2, 4.18.0-1008.8~18.04.1, 4.18.0-1007.7~18.04.1
Ubuntu:18.04:LTSlinux-hwe-edge0, 5.0.0-15.16~18.04.1, 5.0.0-16.17~18.04.1
Ubuntu:18.04:LTSlinux-gcp4.15.0-1044.70, 0, 4.15.0-1001.1
Ubuntu:18.04:LTSlinux-azure-5.35.3.0-1018.19~18.04.1, 5.3.0-1019.20~18.04.1, 5.3.0-1020.21~18.04.1
Ubuntu:18.04:LTSlinux-gcp-5.35.3.0-1016.17~18.04.1, 5.3.0-1018.19~18.04.1, 5.3.0-1020.22~18.04.1
Ubuntu:18.04:LTSlinux-aws-5.30, 5.3.0-1028.30~18.04.1, 5.3.0-1030.32~18.04.1
Ubuntu:18.04:LTSlinux-oracle-5.05.0.0-1008.13~18.04.1, 5.0.0-1007.12~18.04.1, 5.0.0-1009.14~18.04.1
Ubuntu:20.04:LTSlinux-riscv5.4.0-40.45, 5.4.0-39.44, 5.4.0-37.42
Ubuntu:20.04:LTSlinux-oem-5.105.10.0-1021.22, 5.10.0-1022.23, 5.10.0-1023.24
Ubuntu:18.04:LTSlinux-oem4.15.0-1101.112, 4.15.0-1103.114, 0
Ubuntu:18.04:LTSlinux-aws-5.05.0.0-1023.26~18.04.1, 5.0.0-1025.28, 5.0.0-1027.30
Ubuntu:18.04:LTSlinux-gcp-edge4.18.0-1013.14~18.04.1, 4.18.0-1012.13~18.04.1, 4.18.0-1011.12~18.04.1
Ubuntu:18.04:LTSlinux-hwe5.3.0-65.59, 5.3.0-62.56~18.04.1, 5.3.0-61.55~18.04.1
Ubuntu:20.04:LTSlinux-raspi25.4.0-1006.6, 5.4.0-1004.4, 5.3.0-1017.19

Timeline

References

Open in Interactive Console →