Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)
{ "availability": "No subscription required", "binaries": [ { "linux-modules-extra-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1", "linux-image-unsigned-5.8.0-1041-azure-dbgsym": "5.8.0-1041.44~20.04.1", "linux-buildinfo-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1", "linux-headers-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1", "linux-image-unsigned-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1", "linux-cloud-tools-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1", "linux-azure-5.8-cloud-tools-5.8.0-1041": "5.8.0-1041.44~20.04.1", "linux-azure-5.8-tools-5.8.0-1041": "5.8.0-1041.44~20.04.1", "linux-azure-5.8-headers-5.8.0-1041": "5.8.0-1041.44~20.04.1", "linux-tools-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1", "linux-modules-5.8.0-1041-azure": "5.8.0-1041.44~20.04.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-oem-5.10-tools-host": "5.10.0-1045.47", "linux-headers-5.10.0-1045-oem": "5.10.0-1045.47", "linux-image-unsigned-5.10.0-1045-oem-dbgsym": "5.10.0-1045.47", "linux-oem-5.10-tools-5.10.0-1045": "5.10.0-1045.47", "linux-image-unsigned-5.10.0-1045-oem": "5.10.0-1045.47", "linux-buildinfo-5.10.0-1045-oem": "5.10.0-1045.47", "linux-oem-5.10-headers-5.10.0-1045": "5.10.0-1045.47", "linux-tools-5.10.0-1045-oem": "5.10.0-1045.47", "linux-modules-5.10.0-1045-oem": "5.10.0-1045.47" } ] }