Related Vulnerabilities: CVE-2021-3653  

Severity: Medium

Remote: No

Type: Insufficient validation

Description

A security issue has been found in KVM's AMD code supporting SVM nested virtualization in the Linux kernel before version 5.13.20. The issue is caused by missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC (Advanced Virtual Interrupt Controller) support for the L2 guest. The L2 guest is then able to write to a limited but still relatively large subset of the host physical memory. Note that AVIC is currently not supported with nesting and is not advertised in the L1 CPUID.
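The class of check that was missing can be modelled in a few lines. The following is an added example, not the kernel's code or the upstream patch: it contrasts a merge that passes L1-supplied `int_ctl` bits through unvalidated with an allow-list merge that cannot propagate the AVIC enable bit. The function names, the choice of allowed bits and the sample values are assumptions made for the example; the bit positions follow the public SVM VMCB layout.

```c
#include <stdint.h>
#include <stdio.h>

/* int_ctl bit positions from the public SVM VMCB layout. */
#define V_TPR_MASK          0x0fu
#define V_IRQ_MASK          (1u << 8)
#define V_GIF_MASK          (1u << 9)
#define V_INTR_PRIO_MASK    (0x0fu << 16)
#define V_IGN_TPR_MASK      (1u << 20)
#define V_INTR_MASKING_MASK (1u << 24)
#define AVIC_ENABLE_MASK    (1u << 31)

/* Assumed policy for this example: bits L1 may choose for its L2 guest ... */
#define FROM_L1_BITS   (V_TPR_MASK | V_IRQ_MASK | V_INTR_PRIO_MASK | V_IGN_TPR_MASK)
/* ... and bits that always come from the host's own control block. */
#define FROM_HOST_BITS (V_INTR_MASKING_MASK | V_GIF_MASK)

/* Unvalidated merge: only one host-owned bit is overridden, so every other
 * bit L1 wrote, including AVIC_ENABLE_MASK, reaches the hardware VMCB. */
static uint32_t merge_int_ctl_unvalidated(uint32_t l1, uint32_t host)
{
    const uint32_t host_mask = V_INTR_MASKING_MASK;
    return (l1 & ~host_mask) | (host & host_mask);
}

/* Allow-list merge: a bit survives only if it is named in one of the two
 * masks, so unsupported features cannot be switched on by L1. */
static uint32_t merge_int_ctl_allowlist(uint32_t l1, uint32_t host)
{
    return (l1 & FROM_L1_BITS) | (host & FROM_HOST_BITS);
}

int main(void)
{
    /* Constructed sample values, not taken from a real guest. */
    uint32_t host = V_INTR_MASKING_MASK | V_GIF_MASK;
    uint32_t l1   = AVIC_ENABLE_MASK | V_IRQ_MASK | 0x3u;

    uint32_t bad  = merge_int_ctl_unvalidated(l1, host);
    uint32_t good = merge_int_ctl_allowlist(l1, host);

    printf("unvalidated: 0x%08x AVIC=%d\n", (unsigned)bad,
           (bad & AVIC_ENABLE_MASK) != 0);
    printf("allow-list:  0x%08x AVIC=%d\n", (unsigned)good,
           (good & AVIC_ENABLE_MASK) != 0);
    return 0;
}
```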

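| Group | Package | Affected | Fixed | Severity | Status |
|---|---|---|---|---|---|
| AVG-2234 | linux-hardened | 5.12.19.hardened1-1 | | Medium | Vulnerable |
| AVG-2297 | linux-lts | 5.10.56-1 | 5.10.60-1 | Medium | Fixed |
| AVG-2296 | linux-zen | 5.13.10.zen1-1 | 5.13.12.zen1-1 | Medium | Fixed |
| AVG-2295 | linux | 5.13.10.arch4-1 | 5.13.12.arch4-1 | Medium | Fixed |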

https://www.openwall.com/lists/oss-security/2021/08/16/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=a0949ee63cf95408870a564ccad163018b1a9e6b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=c0883f693187c646c0972d73e525523f9486c2e3