Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-4093

Опубликовано: 18 фев. 2022
Источник: nvd
CVSS3: 8.8
CVSS2: 7.2
EPSS Низкий

Описание

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.14.16 (исключая)
Конфигурация 2
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

EPSS

Процентиль: 26%
0.0009
Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2021-4093

CVSS3: 8.8
ubuntu
почти 4 года назад

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

redhat логотип

CVE-2021-4093

CVSS3: 8.2
redhat
около 4 лет назад

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

msrc логотип

CVE-2021-4093

CVSS3: 8.8
msrc
почти 4 года назад

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

debian логотип

CVE-2021-4093

CVSS3: 8.8
debian
почти 4 года назад

A flaw was found in the KVM's AMD code for supporting the Secure Encry ...

github логотип

GHSA-2vg6-vx3w-m2r4

CVSS3: 8.8
github
почти 4 года назад

A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kernel via a malicious VMGEXIT for a string I/O instruction (for example, outs or ins) using the exit reason SVM_EXIT_IOIO. This issue results in a crash of the entire system or a potential guest-to-host escape scenario.

EPSS

Процентиль: 26%
0.0009
Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-125
CWE-125