
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-38198 affects the Linux kernel before version 5.12.11, specifically in the arch/x86/kvm/mmu/paging_tmpl.h component. The vulnerability was discovered on August 8, 2021, and involves incorrect computation of access permissions for shadow pages, which leads to a missing guest protection page fault (NVD, CVE).
The vulnerability occurs in the KVM hypervisor implementation for x86 processors when computing the access permissions of a shadow page. The issue arises when shadow page tables are used (during nested virtualization or on CPUs lacking EPT/NPT features). KVM incorrectly uses the effective permissions of the last non-leaf entry for all non-leaf entries, instead of giving each one the logical AND of its parents' permissions. As a result, a shadow page is incorrectly reused when two guest PxE entries point at the same table gfn but have different parent permissions (GitHub). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) (NVD).
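The permission computation described above, as a simplified model added here (it is not kernel code and not taken from the patch). The struct, the function names, the permission constants and the gfn values are assumptions made for illustration, and the shadow-page lookup is reduced to a (table gfn, access) comparison at one level.

```c
#include <stdio.h>

/* Toy model of the permission computation; names and values are assumptions. */
enum { ACC_X = 1, ACC_W = 2, ACC_U = 4, ACC_ALL = ACC_X | ACC_W | ACC_U };
#define NONLEAF 3 /* 4-level walk: non-leaf entries at level 4, 3, 2 (index 0, 1, 2) */

struct walk {
    unsigned gpte_access[NONLEAF];    /* permissions of each non-leaf guest entry */
    unsigned long table_gfn[NONLEAF]; /* guest table each entry points at */
};

typedef unsigned (*access_fn)(const struct walk *, int);

/* Pre-fix behaviour: every level gets the permissions of the whole non-leaf walk. */
unsigned sp_access_buggy(const struct walk *w, int i)
{
    unsigned acc = ACC_ALL;
    (void)i; /* the level is ignored, which is the defect */
    for (int l = 0; l < NONLEAF; l++)
        acc &= w->gpte_access[l];
    return acc;
}

/* Fixed behaviour: AND of the entries walked so far, i.e. the table's parents. */
unsigned sp_access_fixed(const struct walk *w, int i)
{
    unsigned acc = ACC_ALL;
    for (int l = 0; l <= i; l++)
        acc &= w->gpte_access[l];
    return acc;
}

/* In this model a shadow page is reused when the (table gfn, access) key matches. */
int reuses_shadow_page(access_fn f, const struct walk *a, const struct walk *b, int i)
{
    return a->table_gfn[i] == b->table_gfn[i] && f(a, i) == f(b, i);
}

/* Constructed walks: both reach table gfn 0x200 at index 1, with different parents. */
const struct walk walk_a = { { ACC_ALL, ACC_ALL, ACC_X | ACC_U }, { 0x100, 0x200, 0x300 } };
const struct walk walk_b = { { ACC_X | ACC_U, ACC_ALL, ACC_ALL }, { 0x101, 0x200, 0x301 } };

int main(void)
{
    printf("buggy: reuse=%d\n", reuses_shadow_page(sp_access_buggy, &walk_a, &walk_b, 1));
    printf("fixed: reuse=%d\n", reuses_shadow_page(sp_access_fixed, &walk_a, &walk_b, 1));
    return 0;
}
```

With the pre-fix computation both walks produce the same key for gfn 0x200 and share one shadow page, although only walk B reaches that table through a read-only parent; the fixed computation keeps them apart.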
When shadow page tables are used, this vulnerability could allow a user of the guest OS to bypass virtual memory protection within the guest. This could potentially lead to denial of service or privilege escalation within the guest environment (Ubuntu).
The vulnerability was fixed in Linux kernel version 5.12.11 by modifying how inherited permissions are computed for shadow pages. Various Linux distributions have backported the fix to their supported kernel versions. For example, Debian has addressed this in version 4.19.208-1~deb9u1 for Debian 9 stretch (Debian).
Source: This report was generated using AI