[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-29657":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":51,"duplicate_of":9,"upstream":52,"downstream":53,"duplicates":66,"related":67,"reserved_at":9,"published_at":70,"modified_at":71,"state":72,"summary":73,"references_raw":81,"kevs":109,"epss":110,"epss_history":113,"metrics":379,"affected":390},"CVE-2021-29657","arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun.",null,[11,28],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],{"_key":29,"id":29,"name":30,"description":31,"type":15,"status":32,"abstraction":33,"likelihood_of_exploit":34,"capec":35},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","Stable","Variant","High",[],[37,46],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_F4811A4CC3A5A4E2","Exploit Reference (bugs.chromium.org)","reference","https://bugs.chromium.org/p/project-zero/issues/detail?id=2177","unknown",0.2,false,[],{"_key":47,"name":48,"source":40,"url":49,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":50,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_F0E9C6BEF36F755A","Exploit Reference (cdn.kernel.org)","https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.12",[],[],[],[54,56,58,60,62,64],{"_key":55},"UBUNTU-CVE-2021-29657",{"_key":57},"MGASA-2021-0191",{"_key":59},"MGASA-2021-0192",{"_key":61},"DEBIAN-CVE-2021-29657",{"_key":63},"RHSA-2021:4356",{"_key":65},"USN-4948-1",[],[68,69],{"_key":57},{"_key":59},"2021-07-22T16:44:33.000Z","2024-08-03T22:11:06.370Z","Modified",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":72},"low",0.00047,"high",7.4,"v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",[82,90,96,101,105],{"url":83,"sources":84,"tags":86},"http://packetstormsecurity.com/files/163324/KVM-nested_svm_vmrun-Double-Fetch.html",[85,79],"cve.org",[87,88,89],"X Refsource MISC","Third Party Advisory","VDB Entry",{"url":41,"sources":91,"tags":92},[85,79],[87,93,94,95,88],"Exploit","Mailing List","Patch",{"url":97,"sources":98,"tags":99},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a58d9166a756a0f4a6618e4f593232593d6df134",[85,79],[100,95,88],"X Refsource CONFIRM",{"url":49,"sources":102,"tags":103},[85,79],[100,93,95,104],"Vendor Advisory",{"url":106,"sources":107,"tags":108},"https://security.netapp.com/advisory/ntap-20210902-0008/",[85,79],[100,88],[],{"date":111,"score":75,"percentile":112},"2026-06-03",0.14902,[114,118,121,124,127,130,133,136,139,142,145,148,151,154,157,161,164,167,170,173,176,179,181,183,186,189,192,195,198,201,204,206,209,212,215,218,221,224,227,230,233,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,295,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,356,359,362,365,367,370,373,376],{"date":115,"score":116,"percentile":117},"2025-11-04",0.00043,0.12806,{"date":119,"score":116,"percentile":120},"2025-11-05",0.12837,{"date":122,"score":116,"percentile":123},"2025-11-06",0.12926,{"date":125,"score":116,"percentile":126},"2025-11-07",0.12939,{"date":128,"score":116,"percentile":129},"2025-11-08",0.12945,{"date":131,"score":116,"percentile":132},"2025-11-09",0.12918,{"date":134,"score":116,"percentile":135},"2025-11-10",0.12878,{"date":137,"score":116,"percentile":138},"2025-11-11",0.12894,{"date":140,"score":116,"percentile":141},"2025-11-12",0.12867,{"date":143,"score":116,"percentile":144},"2025-11-13",0.12885,{"date":146,"score":116,"percentile":147},"2025-11-14",0.12898,{"date":149,"score":116,"percentile":150},"2025-11-15",0.1289,{"date":152,"score":116,"percentile":153},"2025-11-16",0.12886,{"date":155,"score":116,"percentile":156},"2025-11-17",0.1286,{"date":158,"score":159,"percentile":160},"2025-11-18",0.00094,0.22553,{"date":162,"score":159,"percentile":163},"2025-11-19",0.22564,{"date":165,"score":159,"percentile":166},"2025-11-20",0.22571,{"date":168,"score":116,"percentile":169},"2025-11-21",0.129,{"date":171,"score":116,"percentile":172},"2025-11-22",0.12905,{"date":174,"score":116,"percentile":175},"2025-11-23",0.12889,{"date":177,"score":116,"percentile":178},"2025-11-24",0.12842,{"date":180,"score":116,"percentile":178},"2025-11-25",{"date":182,"score":116,"percentile":120},"2025-11-26",{"date":184,"score":116,"percentile":185},"2025-11-27",0.1284,{"date":187,"score":116,"percentile":188},"2025-11-28",0.12822,{"date":190,"score":116,"percentile":191},"2025-11-29",0.12795,{"date":193,"score":116,"percentile":194},"2025-11-30",0.12808,{"date":196,"score":116,"percentile":197},"2025-12-01",0.12841,{"date":199,"score":116,"percentile":200},"2025-12-02",0.12856,{"date":202,"score":116,"percentile":203},"2025-12-03",0.12876,{"date":205,"score":116,"percentile":156},"2025-12-04",{"date":207,"score":116,"percentile":208},"2025-12-05",0.12929,{"date":210,"score":116,"percentile":211},"2025-12-06",0.12936,{"date":213,"score":116,"percentile":214},"2025-12-07",0.12921,{"date":216,"score":116,"percentile":217},"2025-12-08",0.12928,{"date":219,"score":116,"percentile":220},"2025-12-09",0.1299,{"date":222,"score":116,"percentile":223},"2025-12-10",0.13065,{"date":225,"score":116,"percentile":226},"2025-12-11",0.13096,{"date":228,"score":116,"percentile":229},"2025-12-12",0.13141,{"date":231,"score":116,"percentile":232},"2025-12-13",0.13162,{"date":234,"score":116,"percentile":229},"2025-12-14",{"date":236,"score":116,"percentile":237},"2025-12-15",0.13102,{"date":239,"score":116,"percentile":240},"2025-12-16",0.13109,{"date":242,"score":116,"percentile":243},"2025-12-17",0.13211,{"date":245,"score":116,"percentile":246},"2025-12-18",0.13268,{"date":248,"score":116,"percentile":249},"2025-12-19",0.13318,{"date":251,"score":116,"percentile":252},"2025-12-20",0.13306,{"date":254,"score":116,"percentile":255},"2025-12-21",0.13277,{"date":257,"score":116,"percentile":258},"2025-12-22",0.13227,{"date":260,"score":116,"percentile":261},"2025-12-23",0.13234,{"date":263,"score":116,"percentile":264},"2025-12-24",0.13235,{"date":266,"score":116,"percentile":267},"2025-12-25",0.13305,{"date":269,"score":116,"percentile":270},"2025-12-26",0.13264,{"date":272,"score":116,"percentile":273},"2025-12-27",0.13265,{"date":275,"score":116,"percentile":276},"2025-12-28",0.13241,{"date":278,"score":116,"percentile":279},"2025-12-29",0.13129,{"date":281,"score":116,"percentile":282},"2025-12-30",0.13125,{"date":284,"score":116,"percentile":285},"2025-12-31",0.13184,{"date":287,"score":116,"percentile":288},"2026-01-01",0.13253,{"date":290,"score":116,"percentile":291},"2026-01-02",0.13237,{"date":293,"score":116,"percentile":294},"2026-01-03",0.13201,{"date":296,"score":116,"percentile":279},"2026-01-04",{"date":298,"score":116,"percentile":299},"2026-01-05",0.13075,{"date":301,"score":116,"percentile":302},"2026-01-06",0.13085,{"date":304,"score":116,"percentile":305},"2026-01-07",0.13119,{"date":307,"score":116,"percentile":308},"2026-01-08",0.13181,{"date":310,"score":116,"percentile":311},"2026-01-09",0.13189,{"date":313,"score":116,"percentile":314},"2026-01-10",0.13214,{"date":316,"score":116,"percentile":317},"2026-01-11",0.13142,{"date":319,"score":116,"percentile":320},"2026-01-12",0.13115,{"date":322,"score":116,"percentile":323},"2026-01-13",0.13092,{"date":325,"score":116,"percentile":326},"2026-01-14",0.13151,{"date":328,"score":116,"percentile":329},"2026-01-15",0.13154,{"date":331,"score":116,"percentile":332},"2026-01-16",0.13202,{"date":334,"score":116,"percentile":335},"2026-01-17",0.13217,{"date":337,"score":116,"percentile":338},"2026-01-18",0.13153,{"date":340,"score":116,"percentile":341},"2026-01-19",0.13094,{"date":343,"score":116,"percentile":344},"2026-01-20",0.13077,{"date":346,"score":116,"percentile":347},"2026-01-21",0.1306,{"date":349,"score":116,"percentile":350},"2026-01-22",0.13021,{"date":352,"score":116,"percentile":353},"2026-01-23",0.13105,{"date":355,"score":116,"percentile":338},"2026-01-24",{"date":357,"score":116,"percentile":358},"2026-01-25",0.13106,{"date":360,"score":116,"percentile":361},"2026-01-26",0.13038,{"date":363,"score":116,"percentile":364},"2026-01-27",0.13034,{"date":366,"score":116,"percentile":364},"2026-01-28",{"date":368,"score":116,"percentile":369},"2026-01-29",0.13018,{"date":371,"score":116,"percentile":372},"2026-01-30",0.13024,{"date":374,"score":116,"percentile":375},"2026-01-31",0.13022,{"date":377,"score":116,"percentile":378},"2026-02-01",0.13025,[380],{"source":79,"cvss_v2_0":381,"cvss_v3_0":9,"cvss_v3_1":386,"cvss_v4_0":9},{"baseScore":382,"baseSeverity":9,"vectorString":383,"impactScore":384,"exploitabilityScore":385},6.9,"AV:L/AC:M/Au:N/C:C/I:C/A:C",10,3.4,{"baseScore":77,"baseSeverity":387,"vectorString":80,"impactScore":388,"exploitabilityScore":389},"HIGH",9.8,3.6,[391],{"ecosystem":9,"name":392,"vendor":393,"product":394,"cpe_part":395,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":396},"linux kernel","linux","linux_kernel","o",[397,405],{"version":398,"is_range":399,"range_type":400,"version_start":401,"version_start_type":402,"version_end":403,"version_end_type":404,"fixed_in":9},"gte5.10_lt5.10.28",true,"cpe","5.10","including","5.10.28","excluding",{"version":406,"is_range":399,"range_type":400,"version_start":407,"version_start_type":402,"version_end":408,"version_end_type":404,"fixed_in":9},"gte5.11_lt5.11.12","5.11","5.11.12"]