CVE-2021-3904: 
PHP vulnerability analysis and mitigation

CVE-2021-3904 is a security vulnerability affecting the Linux kernel packages in Red Hat Enterprise Linux 8.2 Extended Update Support. The vulnerability was disclosed on October 19, 2021, and is related to SVM nested virtualization issues in KVM (Red Hat Advisory).

The vulnerability specifically affects the kernel's implementation of SVM (Secure Virtual Machine) nested virtualization in KVM (Kernel-based Virtual Machine). Two distinct issues were identified: one related to AVIC support (CVE-2021-3653) and another concerning VMLOAD/VMSAVE operations (CVE-2021-3656). Red Hat has rated this vulnerability as having a Moderate security impact (Red Hat Advisory).

The vulnerability affects various Red Hat Enterprise Linux 8.2 Extended Update Support platforms, including x86_64, IBM z Systems, Power LE, and ARM 64 architectures. The impact is considered moderate according to Red Hat's security classification system (Red Hat Advisory).

Red Hat has released kernel security updates to address this vulnerability. The fix is included in kernel version 4.18.0-193.68.1.el8_2. Systems must be rebooted for the update to take effect. Users are advised to apply the security update following Red Hat's standard update procedures (Red Hat Advisory).