CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L
AI Score
Confidence
High
EPSS
Percentile
35.2%
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host’s physical
memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host’s physical memory. (CVE-2021-3653)
It was discovered that the KVM hypervisor implementation for AMD processors
in the Linux kernel did not ensure enough processing time was given to
perform cleanups of large SEV VMs. A local attacker could use this to cause
a denial of service (soft lockup). (CVE-2020-36311)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly perform reference counting in some situations,
leading to a use-after-free vulnerability. An attacker who could start and
control a VM could possibly use this to expose sensitive information or
execute arbitrary code. (CVE-2021-22543)
Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 20.04 | noarch | linux-image-5.4.0-1052-gke | < 5.4.0-1052.55 | UNKNOWN |
Ubuntu | 20.04 | noarch | linux-image-5.4.0-1052-gke-dbgsym | < 5.4.0-1052.55 | UNKNOWN |
Ubuntu | 20.04 | noarch | linux-image-5.4.0-84-generic-lpae | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | block-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | crypto-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | fat-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | fb-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | firewire-core-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | floppy-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
Ubuntu | 20.04 | noarch | fs-core-modules-5.4.0-84-generic-di | < 5.4.0-84.94 | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L
AI Score
Confidence
High
EPSS
Percentile
35.2%