CVE-2021-3656

HIGH

Linux Kernel 4.13-<4.14.245 - Missing Authorization in KVM SVM Nested Virtualization

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3656. PoCs published by rami08448.

AI-analyzed exploit summary The repository provides a technical analysis of CVE-2021-3656, a vulnerability in KVM's AMD nested virtualization due to missing validation of the `virt_ext` VMCB field. It includes references to patches, vulnerable code, and setup instructions but lacks functional exploit code.

Description

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Exploits (1)

nomisec WRITEUP 2 stars
by rami08448 · poc
https://github.com/rami08448/CVE-2021-3656-Demo

The repository provides a technical analysis of CVE-2021-3656, a vulnerability in KVM's AMD nested virtualization due to missing validation of the `virt_ext` VMCB field. It includes references to patches, vulnerable code, and setup instructions but lacks functional exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: Linux Kernel KVM (4.13 and later)
No auth needed
Prerequisites: Nested virtualization environment with KVM and AMD SVM · Kernel version 4.13 or later
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/08/16/1
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1983988

Scores

CVSS v3 8.8
EPSS 0.0066
EPSS Percentile 47.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (44)
fedoraproject/fedora 33
fedoraproject/fedora 34
linux/linux_kernel 5.14 (7 CPE variants)
linux/linux_kernel 4.13 - 4.14.245
redhat/3scale_api_management 2.0
redhat/codeready_linux_builder
redhat/enterprise_linux 8.0
redhat/enterprise_linux_desktop 7.0
redhat/enterprise_linux_eus 8.1
redhat/enterprise_linux_eus 8.2
... and 34 more
Published Mar 04, 2022
Tracked Since Feb 18, 2026