[ops][security-sig] KVM AMD vulnerabilities (CVE-2021-3653, CVE-2021-3656)

Jeremy Stanley fungi at yuggoth.org
Mon Aug 16 16:20:27 UTC 2021


I usually don't do this, but as it is likely to be a widespread
concern across many OpenStack deployments I thought it would be a
good idea to bring the situation to everyone's attention and help
spread the word.

Today, two new vulnerabilities were announced in the Linux KVM
implementation for AMD processors (CVE-2021-3653 and CVE-2021-3656):

    https://www.openwall.com/lists/oss-security/2021/08/16/1

The impact described there indicates that these could be leveraged
by guest virtual machines to gain access to their underlying
hypervisor host servers. If you run a KVM-based deployment on AMD
processors, please be on the lookout for updates from your Linux
distribution and apply them at the earliest opportunity. Also
consider temporarily enacting the mitigations listed in the advisory
(e.g. disabling nested virtualization in the kvm_amd module).
-- 
Jeremy Stanley
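
One way to check a hypervisor host for the mitigation mentioned in the message above (nested virtualization disabled in the kvm_amd module), as an added example that is not part of the original post or the linked advisory. It assumes the usual sysfs parameter path and /etc/modprobe.d layout; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the kvm_amd "nested" setting on a KVM host.
# Root directories are parameters (assumption: defaults /sys and
# /etc/modprobe.d) so the checks can run against constructed trees.

# Runtime state of nested virtualization in the loaded kvm_amd module.
kvm_amd_nested_runtime() {
    param="${1:-/sys}/module/kvm_amd/parameters/nested"
    if [ ! -r "$param" ]; then
        echo "not-loaded"   # module absent: non-AMD host or KVM not in use
        return 0
    fi
    # Depending on the kernel, the parameter reads back as 1/0 or Y/N.
    case "$(cat "$param")" in
        1|Y|y) echo "enabled" ;;
        0|N|n) echo "disabled" ;;
        *)     echo "unknown" ;;
    esac
}

# Whether modprobe configuration pins nested off, so the setting survives
# a module reload or reboot. Looks for lines such as:
#   options kvm_amd nested=0
kvm_amd_nested_persistent() {
    dir="${1:-/etc/modprobe.d}"
    # Collect every nested= value on uncommented kvm_amd options lines.
    vals=$(cat "$dir"/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}kvm[_-]amd[[:space:]].*nested=\([^[:space:]]*\).*/\1/p')
    if [ -z "$vals" ]; then
        echo "unset"        # nothing pins the value; kernel default applies
        return 0
    fi
    for v in $vals; do
        case "$v" in
            0|N|n) ;;
            *) echo "conflict"; return 0 ;;  # some file still turns nested on
        esac
    done
    echo "pinned-off"
}

# Report for the local host when run directly.
echo "runtime=$(kvm_amd_nested_runtime) persistent=$(kvm_amd_nested_persistent)"
```

A host is only covered by this mitigation when the runtime state is "disabled" and the persistent state is "pinned-off"; changing the module option takes effect when kvm_amd is next loaded.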