Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. (CVE-2021-3653)
Norbert Slusarek discovered that the CAN broadcast manger (bcm) protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-34693)
Murray McAllister discovered that the joystick device interface in the Linux kernel did not properly validate data passed via an ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (CVE-2021-3612)
It was discovered that the Virtio console implementation in the Linux kernel did not properly validate input lengths in some situations. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2021-38160)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-buildinfo-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-gcp-headers-4.15.0-1108" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-gcp-tools-4.15.0-1108" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-headers-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-image-unsigned-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-modules-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-modules-extra-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122~16.04.1", "binary_name": "linux-tools-4.15.0-1108-gcp" } ] }
{ "ecosystem": "Ubuntu:Pro:16.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2021-3612" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "high" } ], "id": "CVE-2021-3653" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "high" } ], "id": "CVE-2021-3656" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2021-34693" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2021-38160" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "4.15.0-1108.122", "binary_name": "linux-buildinfo-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-gcp-4.15-headers-4.15.0-1108" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-gcp-4.15-tools-4.15.0-1108" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-headers-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-image-unsigned-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-modules-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-modules-extra-4.15.0-1108-gcp" }, { "binary_version": "4.15.0-1108.122", "binary_name": "linux-tools-4.15.0-1108-gcp" } ] }
{ "ecosystem": "Ubuntu:18.04:LTS", "cves": [ { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2021-3612" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "high" } ], "id": "CVE-2021-3653" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "high" } ], "id": "CVE-2021-3656" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "type": "Ubuntu", "score": "low" } ], "id": "CVE-2021-34693" }, { "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "Ubuntu", "score": "medium" } ], "id": "CVE-2021-38160" } ] }