Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)
It was discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not ensure enough processing time was given to perform cleanups of large SEV VMs. A local attacker could use this to cause a denial of service (soft lockup). (CVE-2020-36311)
It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM could possibly use this to expose sensitive information or execute arbitrary code. (CVE-2021-22543)
Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)
{ "availability": "No subscription required", "binaries": [ { "linux-modules-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-cloud-tools-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-headers-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-aws-5.4-tools-5.4.0-1056": "5.4.0-1056.59~18.04.1", "linux-image-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-aws-5.4-headers-5.4.0-1056": "5.4.0-1056.59~18.04.1", "linux-tools-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-modules-extra-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-aws-5.4-cloud-tools-5.4.0-1056": "5.4.0-1056.59~18.04.1", "linux-buildinfo-5.4.0-1056-aws": "5.4.0-1056.59~18.04.1", "linux-image-5.4.0-1056-aws-dbgsym": "5.4.0-1056.59~18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-headers-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1", "linux-image-unsigned-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1", "linux-azure-5.4-headers-5.4.0-1058": "5.4.0-1058.60~18.04.1", "linux-azure-5.4-cloud-tools-5.4.0-1058": "5.4.0-1058.60~18.04.1", "linux-tools-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1", "linux-modules-extra-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1", "linux-image-unsigned-5.4.0-1058-azure-dbgsym": "5.4.0-1058.60~18.04.1", "linux-buildinfo-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1", "linux-modules-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1", "linux-azure-5.4-tools-5.4.0-1058": "5.4.0-1058.60~18.04.1", "linux-cloud-tools-5.4.0-1058-azure": "5.4.0-1058.60~18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-tools-5.4.0-1052-gcp": "5.4.0-1052.56~18.04.1", "linux-gcp-5.4-headers-5.4.0-1052": "5.4.0-1052.56~18.04.1", "linux-headers-5.4.0-1052-gcp": "5.4.0-1052.56~18.04.1", "linux-modules-extra-5.4.0-1052-gcp": "5.4.0-1052.56~18.04.1", "linux-image-unsigned-5.4.0-1052-gcp-dbgsym": "5.4.0-1052.56~18.04.1", "linux-gcp-5.4-tools-5.4.0-1052": "5.4.0-1052.56~18.04.1", "linux-buildinfo-5.4.0-1052-gcp": "5.4.0-1052.56~18.04.1", "linux-image-unsigned-5.4.0-1052-gcp": "5.4.0-1052.56~18.04.1", "linux-modules-5.4.0-1052-gcp": "5.4.0-1052.56~18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-modules-5.4.0-1052-gke": "5.4.0-1052.55~18.04.1", "linux-modules-extra-5.4.0-1052-gke": "5.4.0-1052.55~18.04.1", "linux-gke-5.4-tools-5.4.0-1052": "5.4.0-1052.55~18.04.1", "linux-image-unsigned-5.4.0-1052-gke": "5.4.0-1052.55~18.04.1", "linux-headers-5.4.0-1052-gke": "5.4.0-1052.55~18.04.1", "linux-tools-5.4.0-1052-gke": "5.4.0-1052.55~18.04.1", "linux-image-unsigned-5.4.0-1052-gke-dbgsym": "5.4.0-1052.55~18.04.1", "linux-gke-5.4-headers-5.4.0-1052": "5.4.0-1052.55~18.04.1", "linux-buildinfo-5.4.0-1052-gke": "5.4.0-1052.55~18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-headers-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-gkeop-5.4-cloud-tools-5.4.0-1023": "5.4.0-1023.24~18.04.1", "linux-tools-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-modules-extra-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-modules-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-gkeop-5.4-source-5.4.0": "5.4.0-1023.24~18.04.1", "linux-cloud-tools-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-image-unsigned-5.4.0-1023-gkeop-dbgsym": "5.4.0-1023.24~18.04.1", "linux-buildinfo-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-gkeop-5.4-tools-5.4.0-1023": "5.4.0-1023.24~18.04.1", "linux-image-unsigned-5.4.0-1023-gkeop": "5.4.0-1023.24~18.04.1", "linux-gkeop-5.4-headers-5.4.0-1023": "5.4.0-1023.24~18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-buildinfo-5.4.0-1054-oracle": "5.4.0-1054.58~18.04.1", "linux-tools-5.4.0-1054-oracle": "5.4.0-1054.58~18.04.1", "linux-image-unsigned-5.4.0-1054-oracle-dbgsym": "5.4.0-1054.58~18.04.1", "linux-oracle-5.4-headers-5.4.0-1054": "5.4.0-1054.58~18.04.1", "linux-oracle-5.4-tools-5.4.0-1054": "5.4.0-1054.58~18.04.1", "linux-image-unsigned-5.4.0-1054-oracle": "5.4.0-1054.58~18.04.1", "linux-modules-5.4.0-1054-oracle": "5.4.0-1054.58~18.04.1", "linux-modules-extra-5.4.0-1054-oracle": "5.4.0-1054.58~18.04.1", "linux-headers-5.4.0-1054-oracle": "5.4.0-1054.58~18.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-cloud-tools-5.4.0-84-generic": "5.4.0-84.94", "linux-image-5.4.0-84-generic-lpae-dbgsym": "5.4.0-84.94", "kernel-image-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "fs-secondary-modules-5.4.0-84-generic-di": "5.4.0-84.94", "nic-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-image-5.4.0-84-generic-lpae": "5.4.0-84.94", "parport-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-tools-5.4.0-84": "5.4.0-84.94", "linux-udebs-generic": "5.4.0-84.94", "pcmcia-modules-5.4.0-84-generic-di": "5.4.0-84.94", "nfs-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-image-5.4.0-84-generic": "5.4.0-84.94", "block-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "ppp-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-headers-5.4.0-84-generic-lpae": "5.4.0-84.94", "fs-core-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-headers-5.4.0-84-generic": "5.4.0-84.94", "mouse-modules-5.4.0-84-generic-di": "5.4.0-84.94", "crypto-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-tools-5.4.0-84-lowlatency": "5.4.0-84.94", "crypto-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "serial-modules-5.4.0-84-generic-di": "5.4.0-84.94", "plip-modules-5.4.0-84-generic-di": "5.4.0-84.94", "dasd-modules-5.4.0-84-generic-di": "5.4.0-84.94", "storage-core-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "nic-pcmcia-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-image-unsigned-5.4.0-84-generic-dbgsym": "5.4.0-84.94", "md-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "ipmi-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-modules-5.4.0-84-generic-lpae": "5.4.0-84.94", "scsi-modules-5.4.0-84-generic-di": "5.4.0-84.94", "nic-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-buildinfo-5.4.0-84-generic": "5.4.0-84.94", "linux-buildinfo-5.4.0-84-generic-lpae": "5.4.0-84.94", "linux-image-unsigned-5.4.0-84-lowlatency": "5.4.0-84.94", "sata-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-cloud-tools-5.4.0-84-lowlatency": "5.4.0-84.94", "nfs-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "nic-usb-modules-5.4.0-84-generic-di": "5.4.0-84.94", "floppy-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-headers-5.4.0-84": "5.4.0-84.94", "multipath-modules-5.4.0-84-generic-di": "5.4.0-84.94", "virtio-modules-5.4.0-84-generic-di": "5.4.0-84.94", "input-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-image-unsigned-5.4.0-84-lowlatency-dbgsym": "5.4.0-84.94", "scsi-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-image-unsigned-5.4.0-84-generic": "5.4.0-84.94", "ppp-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "plip-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-cloud-tools-common": "5.4.0-84.94", "nic-shared-modules-5.4.0-84-generic-di": "5.4.0-84.94", "fs-secondary-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "fs-core-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-source-5.4.0": "5.4.0-84.94", "linux-modules-extra-5.4.0-84-generic": "5.4.0-84.94", "md-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-doc": "5.4.0-84.94", "fb-modules-5.4.0-84-generic-di": "5.4.0-84.94", "parport-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-libc-dev": "5.4.0-84.94", "nic-usb-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "firewire-core-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-headers-5.4.0-84-lowlatency": "5.4.0-84.94", "block-modules-5.4.0-84-generic-di": "5.4.0-84.94", "pata-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-buildinfo-5.4.0-84-lowlatency": "5.4.0-84.94", "input-modules-5.4.0-84-generic-di": "5.4.0-84.94", "fat-modules-5.4.0-84-generic-di": "5.4.0-84.94", "message-modules-5.4.0-84-generic-di": "5.4.0-84.94", "vlan-modules-5.4.0-84-generic-di": "5.4.0-84.94", "pcmcia-storage-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-tools-host": "5.4.0-84.94", "linux-modules-5.4.0-84-generic": "5.4.0-84.94", "storage-core-modules-5.4.0-84-generic-di": "5.4.0-84.94", "linux-cloud-tools-5.4.0-84": "5.4.0-84.94", "fat-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-tools-5.4.0-84-generic": "5.4.0-84.94", "kernel-image-5.4.0-84-generic-di": "5.4.0-84.94", "linux-udebs-generic-lpae": "5.4.0-84.94", "usb-modules-5.4.0-84-generic-di": "5.4.0-84.94", "sata-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "nic-shared-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "mouse-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-tools-5.4.0-84-generic-lpae": "5.4.0-84.94", "dasd-extra-modules-5.4.0-84-generic-di": "5.4.0-84.94", "ipmi-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "multipath-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-modules-5.4.0-84-lowlatency": "5.4.0-84.94", "usb-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-tools-common": "5.4.0-84.94", "vlan-modules-5.4.0-84-generic-lpae-di": "5.4.0-84.94", "linux-image-5.4.0-84-generic-dbgsym": "5.4.0-84.94" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-modules-5.4.0-1056-aws": "5.4.0-1056.59", "linux-aws-tools-5.4.0-1056": "5.4.0-1056.59", "linux-cloud-tools-5.4.0-1056-aws": "5.4.0-1056.59", "linux-headers-5.4.0-1056-aws": "5.4.0-1056.59", "linux-image-5.4.0-1056-aws": "5.4.0-1056.59", "linux-modules-extra-5.4.0-1056-aws": "5.4.0-1056.59", "linux-tools-5.4.0-1056-aws": "5.4.0-1056.59", "linux-aws-cloud-tools-5.4.0-1056": "5.4.0-1056.59", "linux-aws-headers-5.4.0-1056": "5.4.0-1056.59", "linux-buildinfo-5.4.0-1056-aws": "5.4.0-1056.59", "linux-image-5.4.0-1056-aws-dbgsym": "5.4.0-1056.59" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-headers-5.4.0-1058-azure": "5.4.0-1058.60", "linux-image-unsigned-5.4.0-1058-azure": "5.4.0-1058.60", "linux-tools-5.4.0-1058-azure": "5.4.0-1058.60", "linux-azure-headers-5.4.0-1058": "5.4.0-1058.60", "linux-modules-extra-5.4.0-1058-azure": "5.4.0-1058.60", "linux-image-unsigned-5.4.0-1058-azure-dbgsym": "5.4.0-1058.60", "linux-azure-cloud-tools-5.4.0-1058": "5.4.0-1058.60", "linux-buildinfo-5.4.0-1058-azure": "5.4.0-1058.60", "linux-modules-5.4.0-1058-azure": "5.4.0-1058.60", "linux-azure-tools-5.4.0-1058": "5.4.0-1058.60", "linux-cloud-tools-5.4.0-1058-azure": "5.4.0-1058.60" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-tools-5.4.0-1052-gcp": "5.4.0-1052.56", "linux-gcp-tools-5.4.0-1052": "5.4.0-1052.56", "linux-headers-5.4.0-1052-gcp": "5.4.0-1052.56", "linux-gcp-headers-5.4.0-1052": "5.4.0-1052.56", "linux-image-unsigned-5.4.0-1052-gcp-dbgsym": "5.4.0-1052.56", "linux-modules-extra-5.4.0-1052-gcp": "5.4.0-1052.56", "linux-buildinfo-5.4.0-1052-gcp": "5.4.0-1052.56", "linux-image-unsigned-5.4.0-1052-gcp": "5.4.0-1052.56", "linux-modules-5.4.0-1052-gcp": "5.4.0-1052.56" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-modules-5.4.0-1052-gke": "5.4.0-1052.55", "linux-modules-extra-5.4.0-1052-gke": "5.4.0-1052.55", "linux-image-unsigned-5.4.0-1052-gke": "5.4.0-1052.55", "linux-headers-5.4.0-1052-gke": "5.4.0-1052.55", "linux-tools-5.4.0-1052-gke": "5.4.0-1052.55", "linux-gke-tools-5.4.0-1052": "5.4.0-1052.55", "linux-image-unsigned-5.4.0-1052-gke-dbgsym": "5.4.0-1052.55", "linux-gke-headers-5.4.0-1052": "5.4.0-1052.55", "linux-buildinfo-5.4.0-1052-gke": "5.4.0-1052.55" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-headers-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-gkeop-cloud-tools-5.4.0-1023": "5.4.0-1023.24", "linux-tools-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-modules-extra-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-gkeop-source-5.4.0": "5.4.0-1023.24", "linux-modules-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-gkeop-tools-5.4.0-1023": "5.4.0-1023.24", "linux-cloud-tools-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-image-unsigned-5.4.0-1023-gkeop-dbgsym": "5.4.0-1023.24", "linux-buildinfo-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-image-unsigned-5.4.0-1023-gkeop": "5.4.0-1023.24", "linux-gkeop-headers-5.4.0-1023": "5.4.0-1023.24" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-modules-5.4.0-1046-kvm": "5.4.0-1046.48", "linux-image-unsigned-5.4.0-1046-kvm-dbgsym": "5.4.0-1046.48", "linux-tools-5.4.0-1046-kvm": "5.4.0-1046.48", "linux-kvm-tools-5.4.0-1046": "5.4.0-1046.48", "linux-kvm-headers-5.4.0-1046": "5.4.0-1046.48", "linux-buildinfo-5.4.0-1046-kvm": "5.4.0-1046.48", "linux-headers-5.4.0-1046-kvm": "5.4.0-1046.48", "linux-image-unsigned-5.4.0-1046-kvm": "5.4.0-1046.48" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-buildinfo-5.4.0-1054-oracle": "5.4.0-1054.58", "linux-tools-5.4.0-1054-oracle": "5.4.0-1054.58", "linux-image-unsigned-5.4.0-1054-oracle-dbgsym": "5.4.0-1054.58", "linux-oracle-tools-5.4.0-1054": "5.4.0-1054.58", "linux-oracle-headers-5.4.0-1054": "5.4.0-1054.58", "linux-image-unsigned-5.4.0-1054-oracle": "5.4.0-1054.58", "linux-modules-5.4.0-1054-oracle": "5.4.0-1054.58", "linux-modules-extra-5.4.0-1054-oracle": "5.4.0-1054.58", "linux-headers-5.4.0-1054-oracle": "5.4.0-1054.58" } ] }