Under certain circumstances, an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources that are supposed to be inaccessible to the L2 guest according to L1 hypervisor configuration. Only Intel processors are affected. It requires nested virtualization to be enabled, i.e. kvm-intel.nested=1.

Upstream patch(es):
-------------------
  -> https://www.spinics.net/lists/kvm/msg208259.html
  -> https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
  -> https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
  -> https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2020/02/25/3
Acknowledgments: Name: Paolo Bonzini (Red Hat)
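Added example (not part of the original report or of any Red Hat tooling): a shell check for the two preconditions the description names, an Intel CPU and kvm-intel.nested enabled. It does not determine whether the running kernel carries the fix. The function names and the optional root-prefix argument are hypothetical, introduced so the check can also be run against a copied /proc and /sys tree.

```shell
#!/bin/sh
# Added example: checks the preconditions from the description above
# (Intel CPU, kvm-intel.nested enabled). Not a test for the fix itself.
# Usage on a live host: nested_kvm_intel_exposure
# Usage on a copied tree: nested_kvm_intel_exposure /path/to/root  (hypothetical prefix)

is_intel_cpu() {
    # $1 = root prefix ("" on a live host)
    grep -q '^vendor_id[[:space:]]*:[[:space:]]*GenuineIntel' \
        "$1/proc/cpuinfo" 2>/dev/null
}

nested_state() {
    # Prints one of: enabled | disabled | not-loaded
    param="$1/sys/module/kvm_intel/parameters/nested"
    [ -r "$param" ] || { echo "not-loaded"; return; }
    # The parameter reads back as Y/N or 1/0 depending on the kernel.
    case "$(tr -d '[:space:]' < "$param")" in
        Y|y|1) echo "enabled" ;;
        *)     echo "disabled" ;;
    esac
}

nested_kvm_intel_exposure() {
    # Returns 1 only when both preconditions hold, 0 otherwise.
    root="${1:-}"
    if ! is_intel_cpu "$root"; then
        echo "not-affected: CPU vendor is not Intel"
        return 0
    fi
    case "$(nested_state "$root")" in
        enabled)
            echo "preconditions-met: Intel CPU with kvm-intel.nested enabled"
            return 1 ;;
        disabled)
            echo "not-exposed: kvm-intel.nested is disabled" ;;
        not-loaded)
            echo "not-exposed: kvm_intel module is not loaded" ;;
    esac
    return 0
}
```

A host that reports preconditions-met still needs its kernel package compared against the fixed versions in the errata listed on this page.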
Created attachment 1664312
Preliminary patch
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1806816]
Also: https://git.kernel.org/linus/86f7e90ce840aa1db407d3ea6e9b3a52b2ce923c
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2102 https://access.redhat.com/errata/RHSA-2020:2102
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-2732
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2171 https://access.redhat.com/errata/RHSA-2020:2171
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4062 https://access.redhat.com/errata/RHSA-2020:4062
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4060 https://access.redhat.com/errata/RHSA-2020:4060