[SRU OEM-5.10/OEM-5.13 0/2] CVE-2021-3653/CVE-2021-3656

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue Aug 17 13:00:19 UTC 2021

There are two commits here as landed upstream. For 5.13, I backported from
mainline, just fixing context (removing lines that were not present on 5.13),
which ended up the same as the backports for upstream 5.13.y.

For 5.10, I picked the fix for CVE-2021-3653 from upstream 5.10.y, as there
were some struct member changes, besides the absent lines. For CVE-2021-3656,
it was only the absent lines so I picked the mainline version and backported
it. The end result is the same as picking only from 5.10.y.

The reason I preferred backporting the mainline ones is that it makes it easier
for the autotriage process, though I ended up with one extra commit ID that I
will have to work with.

As for testing, I tested that one can still launch L2 Linux guests after the
fixes, so LP: #1940134 does not affect these backports. Also, one PoC was used
for testing that CVE-2021-3656 is fixed.

Maxim Levitsky (2):
  KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

 arch/x86/include/asm/svm.h |  2 ++
 arch/x86/kvm/svm/nested.c  | 12 +++++++++---
 arch/x86/kvm/svm/svm.c     |  9 +++++----
 3 files changed, 16 insertions(+), 7 deletions(-)

