KVM Nest Virtualization L1 Guest Privilege Escalation

KVM nested virtualization: privilege escalation in L1 guest When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode...