Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-3653

EPSS 0.01% · P3
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3653

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
KVM 权限许可和访问控制问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
KVM是基于内核的虚拟机。 KVM 的 AMD 代码中存在权限许可和访问控制问题漏洞,该漏洞源于在处理 L1 来宾提供的 VMCB(虚拟机控制块)以生成/处理嵌套来宾 (L2) 时对“int_ctl”的不正确验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-kernel kernel 5.14-rc7 -

II. Public POCs for CVE-2021-3653

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-3653

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-09-29 · 21 CVEs total

CVE-2021-234467.5 HIGHRegular Expression Denial of Service (ReDoS)
CVE-2021-415737.5 HIGHHitachi Content Platform Anywhere (HCP-AW) 信息泄露漏洞
CVE-2021-35945Couchbase Server 缓冲区错误漏洞
CVE-2021-22947Migration Toolkit For Containers 数据伪造问题漏洞
CVE-2021-22946libcurl 安全漏洞
CVE-2021-33923Confluent Ansible 安全漏洞
CVE-2021-33924Confluent Ansible 安全漏洞
CVE-2021-40651OS4Ed OpenSIS 路径遍历漏洞
CVE-2021-41732Zeek 环境问题漏洞
CVE-2021-41764Streama 跨站请求伪造漏洞
CVE-2021-41826PlaceOs Authentication Service 输入验证错误漏洞
CVE-2021-35943Couchbase Server 授权问题漏洞
CVE-2021-35944Couchbase Server 缓冲区错误漏洞
CVE-2021-41795Apple Safari 安全漏洞
CVE-2020-20128LaraCms 信息泄露漏洞
CVE-2020-20129LaraCms 跨站脚本漏洞
CVE-2020-20131LaraCms 跨站脚本漏洞
CVE-2020-20781UCMS 跨站脚本漏洞
CVE-2021-41821Wazuh 数字错误漏洞
CVE-2021-41824Pixel&tonic Craft CMS 代码注入漏洞

IV. Related Vulnerabilities

Same product: kernel
Same vendor: n/a
Same weakness: CWE-862

V. Comments for CVE-2021-3653

No comments yet

Leave a comment