QID 198502

Usn-5071-1 fixed vulnerabilities in the linux kernel for ubuntu 20the kvm hypervisor implementation for amd processors in the linux kernel allowed a guest vm to disable restrictions on vmload/vmsave in a nested guest.
The kvm hypervisor implementation for amd processors in the linux kernel did not properly prevent a guest vm from enabling avic in nested guest vms.
The kvm hypervisor implementation for amd processors in the linux kernel did not ensure enough processing time was given to perform cleanups of large sev vms.
The kvm hypervisor implementation in the linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability.
The joystick device interface in the linux kernel did not properly validate data passed via an ioctl().

Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

04 lts.
This update provides the corresponding updates for the linux hardware enablement (hwe) kernel from ubuntu 20.04 lts for ubuntu 18.04 lts.
An attacker in a guest vm could use this to read or write portions of the host's physical memory. (
Cve-2021-3656).
An attacker in a guest vm could use this to write to portions of the host's physical memory. (
Cve-2021-3653).
A local attacker could use this to cause a denial of service (soft lockup) (cve-2020-36311).
An attacker who could start and control a vm could possibly use this to expose sensitive information or execute arbitrary code. (
Cve-2021-22543).
A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code on systems with a joystick device registered. (
Cve-2021-3612).