Published: 22/07/2021 Updated: 19/05/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.4 | Impact Score: 5.9 | Exploitability Score: 1.4

VMScore: 615

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

arch/x86/kvm/svm/nested.c in the Linux kernel prior to 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

A security issue was found in the Linux kernel There is a race condition between check and use of the nested VMCB controls in KVM ...

CWE-416 CWE-367 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134 https://bugs.chromium.org/p/project-zero/issues/detail?id=2177 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12 http://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html https://security.netapp.com/advisory/ntap-20210902-0008/https://nvd.nist.gov https://security.archlinux.org/CVE-2021-29657

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-29657

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect