ID

VAR-202107-1361

CVE

CVE-2021-33909

TITLE

Linux kernel Input validation error vulnerability

DESCRIPTION

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. 6 ELS) - i386, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2021:2718-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2718 Issue date: 2021-07-20 CVE Names: CVE-2020-25704 CVE-2020-26541 CVE-2020-35508 CVE-2021-33034 CVE-2021-33909 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 3. Security Fix(es): * kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909) * kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034) * kernel: perf_event_parse_addr_filter memory (CVE-2020-25704) * kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541) * kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting - ->real_parent (CVE-2020-35508) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * RHEL8.2 Snapshot2 - tpm: ibmvtpm: Wait for buffer to be set before proceeding (BZ#1933986) * fnic crash from invalid request pointer (BZ#1961707) * [Azure][RHEL8.4] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1963051) * RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1969338) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1886285 - CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c 1895961 - CVE-2020-25704 kernel: perf_event_parse_addr_filter memory 1902724 - CVE-2020-35508 kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent 1961305 - CVE-2021-33034 kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan 1970273 - CVE-2021-33909 kernel: size_t-to-int conversion vulnerability in the filesystem layer 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: kernel-4.18.0-193.60.2.el8_2.src.rpm aarch64: bpftool-4.18.0-193.60.2.el8_2.aarch64.rpm bpftool-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-core-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-cross-headers-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-core-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-devel-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-modules-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-modules-extra-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-devel-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-headers-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-modules-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-modules-extra-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-tools-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-tools-libs-4.18.0-193.60.2.el8_2.aarch64.rpm perf-4.18.0-193.60.2.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm python3-perf-4.18.0-193.60.2.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm noarch: kernel-abi-whitelists-4.18.0-193.60.2.el8_2.noarch.rpm kernel-doc-4.18.0-193.60.2.el8_2.noarch.rpm ppc64le: bpftool-4.18.0-193.60.2.el8_2.ppc64le.rpm bpftool-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-core-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-cross-headers-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-core-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-devel-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-modules-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-modules-extra-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-devel-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-headers-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-modules-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-modules-extra-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-tools-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-tools-libs-4.18.0-193.60.2.el8_2.ppc64le.rpm perf-4.18.0-193.60.2.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm python3-perf-4.18.0-193.60.2.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm s390x: bpftool-4.18.0-193.60.2.el8_2.s390x.rpm bpftool-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm kernel-4.18.0-193.60.2.el8_2.s390x.rpm kernel-core-4.18.0-193.60.2.el8_2.s390x.rpm kernel-cross-headers-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debug-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debug-core-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debug-devel-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debug-modules-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debug-modules-extra-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm kernel-debuginfo-common-s390x-4.18.0-193.60.2.el8_2.s390x.rpm kernel-devel-4.18.0-193.60.2.el8_2.s390x.rpm kernel-headers-4.18.0-193.60.2.el8_2.s390x.rpm kernel-modules-4.18.0-193.60.2.el8_2.s390x.rpm kernel-modules-extra-4.18.0-193.60.2.el8_2.s390x.rpm kernel-tools-4.18.0-193.60.2.el8_2.s390x.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm kernel-zfcpdump-4.18.0-193.60.2.el8_2.s390x.rpm kernel-zfcpdump-core-4.18.0-193.60.2.el8_2.s390x.rpm kernel-zfcpdump-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm kernel-zfcpdump-devel-4.18.0-193.60.2.el8_2.s390x.rpm kernel-zfcpdump-modules-4.18.0-193.60.2.el8_2.s390x.rpm kernel-zfcpdump-modules-extra-4.18.0-193.60.2.el8_2.s390x.rpm perf-4.18.0-193.60.2.el8_2.s390x.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm python3-perf-4.18.0-193.60.2.el8_2.s390x.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.s390x.rpm x86_64: bpftool-4.18.0-193.60.2.el8_2.x86_64.rpm bpftool-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-core-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-cross-headers-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-core-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-devel-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-modules-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-modules-extra-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-devel-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-headers-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-modules-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-modules-extra-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-tools-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-tools-libs-4.18.0-193.60.2.el8_2.x86_64.rpm perf-4.18.0-193.60.2.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm python3-perf-4.18.0-193.60.2.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: bpftool-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-debuginfo-common-aarch64-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm kernel-tools-libs-devel-4.18.0-193.60.2.el8_2.aarch64.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.aarch64.rpm ppc64le: bpftool-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-debuginfo-common-ppc64le-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm kernel-tools-libs-devel-4.18.0-193.60.2.el8_2.ppc64le.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.ppc64le.rpm x86_64: bpftool-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debug-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-debuginfo-common-x86_64-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-tools-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm kernel-tools-libs-devel-4.18.0-193.60.2.el8_2.x86_64.rpm perf-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm python3-perf-debuginfo-4.18.0-193.60.2.el8_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYPdKddzjgjWX9erEAQhLHw/8CtsaptRIaXpqaAqj2dZCzmPJHC8iyNOj 5dmUgyNRCwyoUVIXRtGr4TBR+Bxi0Y37ofV1bAdK7igPDppxmbEANIR4NhOaktf3 w17HflEhh8us5fmTxYNlRa2++UIvuWBGfH4+kfODkSDCBgbb9Q2xIxPRXWQRvLjr ide7SRs9zF31KYoat9kWWDhMSZDitVlU2wvWsx1j40UD6a1sUx9M2Q/cCbcu8NSO 9kyVxyOhDHs72sbOLsbiwfDAYKmUjdkDVBY+5Rl2DbtxIz0jZOWSbHvhsu6ndpN4 iKxbcHVrfpMjQAX4KnDYIKB8PPHXzRcbQLRGSZWpAdGmPc/H+3vGTAXZJSDIi/61 +9OXWRn9PSkAR3WFNOPo1rru5WI7cncykx8jm5sCwzcnBGsgz+E8Exwf+MObnOqx OVMnSwU52kFdyDciwlXobjGtEdEMN/Jf/f+dM1KIJxj8YTgygzJQw/Z3fWeI/gvh fcqSeFjAN3+A+aVXn8NcaBPIEjAqdwEA9kvT8JxGo8co1KzmHxCZVpxnECYSsQuW qttiF50ohXwLbYklFG8Mt0pD04HmnsmLUvFZYK2m9MSfUsz4dFjgDnov8p7btGgu yJ/6Aul7C6TjZZvQG9fz6Id+mh4uPPMvQrVSQLrl68bOWpphyoRqzcTTFNFj1g+w gIkv6r9Alj4=hVNH -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8.1) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. (CVE-2021-33909) Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. ========================================================================== Ubuntu Security Notice USN-5018-1 July 20, 2021 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-raspi2: Linux kernel for Raspberry Pi (V8) systems - linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-33909) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33200) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation did not properly clear received fragments from memory in some situations. A physically proximate attacker could possibly use this issue to inject packets or expose sensitive information. (CVE-2020-24586) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled encrypted fragments. A physically proximate attacker could possibly use this issue to decrypt fragments. (CVE-2020-24587) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation incorrectly handled EAPOL frames from unauthenticated senders. A physically proximate attacker could inject malicious packets to cause a denial of service (system crash). (CVE-2020-26139) Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. (CVE-2020-26147) It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. (CVE-2020-26558, CVE-2021-0129) Or Cohen and Nadav Markus discovered a use-after-free vulnerability in the nfc implementation in the Linux kernel. A privileged local attacker could use this issue to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-23134) Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly prevent speculative loads in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2021-31829) It was discovered that a race condition in the kernel Bluetooth subsystem could lead to use-after-free of slab objects. An attacker could use this issue to possibly execute arbitrary code. (CVE-2021-32399) It was discovered that a use-after-free existed in the Bluetooth HCI driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-33034) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1078-oracle 4.15.0-1078.86 linux-image-4.15.0-1092-raspi2 4.15.0-1092.98 linux-image-4.15.0-1097-kvm 4.15.0-1097.99 linux-image-4.15.0-1106-gcp 4.15.0-1106.120 linux-image-4.15.0-1109-aws 4.15.0-1109.116 linux-image-4.15.0-1109-snapdragon 4.15.0-1109.118 linux-image-4.15.0-1121-azure 4.15.0-1121.134 linux-image-4.15.0-151-generic 4.15.0-151.157 linux-image-4.15.0-151-generic-lpae 4.15.0-151.157 linux-image-4.15.0-151-lowlatency 4.15.0-151.157 linux-image-aws-lts-18.04 4.15.0.1109.112 linux-image-azure-lts-18.04 4.15.0.1121.94 linux-image-gcp-lts-18.04 4.15.0.1106.125 linux-image-generic 4.15.0.151.139 linux-image-generic-lpae 4.15.0.151.139 linux-image-kvm 4.15.0.1097.93 linux-image-lowlatency 4.15.0.151.139 linux-image-oracle-lts-18.04 4.15.0.1078.88 linux-image-raspi2 4.15.0.1092.90 linux-image-snapdragon 4.15.0.1109.112 linux-image-virtual 4.15.0.151.139 Ubuntu 16.04 ESM: linux-image-4.15.0-1078-oracle 4.15.0-1078.86~16.04.1 linux-image-4.15.0-1106-gcp 4.15.0-1106.120~16.04.1 linux-image-4.15.0-1109-aws 4.15.0-1109.116~16.04.1 linux-image-4.15.0-1121-azure 4.15.0-1121.134~16.04.1 linux-image-4.15.0-151-generic 4.15.0-151.157~16.04.1 linux-image-4.15.0-151-lowlatency 4.15.0-151.157~16.04.1 linux-image-aws-hwe 4.15.0.1109.100 linux-image-azure 4.15.0.1121.112 linux-image-gcp 4.15.0.1106.107 linux-image-generic-hwe-16.04 4.15.0.151.146 linux-image-gke 4.15.0.1106.107 linux-image-lowlatency-hwe-16.04 4.15.0.151.146 linux-image-oem 4.15.0.151.146 linux-image-oracle 4.15.0.1078.66 linux-image-virtual-hwe-16.04 4.15.0.151.146 Ubuntu 14.04 ESM: linux-image-4.15.0-1121-azure 4.15.0-1121.134~14.04.1 linux-image-azure 4.15.0.1121.94 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-5018-1 CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-0129, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909 Package Information: https://launchpad.net/ubuntu/+source/linux/4.15.0-151.157 https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1109.116 https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1121.134 https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1106.120 https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1097.99 https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1078.86 https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1092.98 https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1109.118 . (CVE-2021-3653) Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. If you are running a kernel version earlier than the one listed below, please upgrade your kernel as soon as possible

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

input validation error

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-07-13T20:29:30.658000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE