mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 18:42:46 +00:00
1.8 KiB
1.8 KiB
CVE-2021-29657
Description
arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.
POC
Reference
- http://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134
Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/kdn111/linux-kernel-exploitation
- https://github.com/khanhdn111/linux-kernel-exploitation
- https://github.com/khanhdz-06/linux-kernel-exploitation
- https://github.com/khanhdz191/linux-kernel-exploitation
- https://github.com/khanhhdz/linux-kernel-exploitation
- https://github.com/khanhhdz06/linux-kernel-exploitation
- https://github.com/khanhnd123/linux-kernel-exploitation
- https://github.com/khnhdz/linux-kernel-exploitation
- https://github.com/knd06/linux-kernel-exploitation
- https://github.com/ndk06/linux-kernel-exploitation
- https://github.com/ndk191/linux-kernel-exploitation
- https://github.com/ssr-111/linux-kernel-exploitation
- https://github.com/wkhnh06/linux-kernel-exploitation
- https://github.com/xairy/linux-kernel-exploitation