← Back

CVE-2021-4093

nvd nist
Published: Feb 18, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 / Impact: 6.0
Source: NVD

Description

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

Affected (5)

Show all products
Linux: Linux Kernel · Redhat: Enterprise Linux · Fedoraproject: Fedora · Canonical: Ubuntu Linux
Linux
1 product
Linux Kernel
Redhat
1 product
Enterprise Linux
Fedoraproject
1 product
Fedora
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
From 5.11 to 5.14.16
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 35
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 20.04
Ubuntu Linux
Version 21.10

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: secalert@redhat.com
ExploitMailing ListPatchThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitMailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.