#VU65770 Use-after-free in Linux kernel - CVE-2021-29657


Vulnerability identifier: #VU65770

Vulnerability risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-29657

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a remote user to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in arch/x86/kvm/svm/nested.c. An AMD KVM guest can bypass access control on host OS MSRs when there are nested guests and execute arbitrary code on the hypervisor.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: before 5.11.12, 5.11.12


External links
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134
https://bugs.chromium.org/p/project-zero/issues/detail?id=2177
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12
https://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html
https://security.netapp.com/advisory/ntap-20210902-0008/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
