CVE-2020-2732

Опубликовано: 24 фев. 2020

Источник: redhat

CVSS3: 5.8

Описание

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise MRG 2	kernel-rt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2020:4062	29.09.2020
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2020:4060	29.09.2020
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2020:2171	14.05.2020
Red Hat Enterprise Linux 8	kernel	Fixed	RHSA-2020:2102	12.05.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=1805135Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

5.8 Medium

CVSS3

Связанные уязвимости

CVE-2020-2732

CVSS3: 5.8

ubuntu

около 5 лет назад

CVE-2020-2732

CVSS3: 5.8

nvd

около 5 лет назад

CVE-2020-2732

CVSS3: 5.8

debian

около 5 лет назад

A flaw was discovered in the way that the KVM hypervisor handled instr ...

GHSA-pqrp-hrrg-q69p

github

около 3 лет назад

ELSA-2020-5543

oracle-oval

больше 5 лет назад

ELSA-2020-5543: Unbreakable Enterprise kernel security update (IMPORTANT)

5.8 Medium

CVSS3