21 matches found

RedhatCVE
added 2026/05/28 9:12 p.m. | 8 views

CVE-2026-46131

A flaw was found in the Linux kernel's KVM (Kernel-based Virtual Machine) x86 virtualization module. An incorrect check for nested EPT/NPT (Nested Extended Page Tables/Nested Nested Page Tables) in slow flush hypercalls could lead to improper handling of L2 guests. This vulnerability arises because t...

CVSS 5.5 | AI score 5.8 | EPSS 0.00175
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/27 5:49 p.m. | 16 views

CVE-2026-46076

A flaw was found in the Kernel-based Virtual Machine (KVM) nSVM module of the Linux kernel. This vulnerability occurs when an unhandled VMMCALL is not properly intercepted by the Level 1 (L1) hypervisor. A malicious Level 2 (L2) guest operating system could exploit this by making specific hypercalls,...

CVSS 7.9 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 4

CVE
added 2026/05/06 11:27 a.m. | 11 views

CVE-2026-43133

Summary: CVE-2026-43133 affects Linux kernel KVM’s nested virtualization (nSVM). When an L2 guest executes VMSAVE/VMLOAD and is not intercepted by L1, KVM may incorrectly use vmcb02 instead of vmcb01 for guest state handling due to an oversight in VMLOAD/VMSAVE emulation after a patch. The root c...

CVSS 7.9 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004380 advisory. A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstance...

CVSS 6.8 | AI score 6.5 | EPSS 0.00927
Exploits: 1 | References: 17

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001462)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001462 advisory. A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstance...

CVSS 6.8 | AI score 6.5 | EPSS 0.00927
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/16 12:0 a.m. | 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004156 advisory. A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstance...

CVSS 6.8 | AI score 6.5 | EPSS 0.00927
Exploits: 1 | References: 17

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002647 advisory. The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 control...

CVSS 7.1 | AI score 6.8 | EPSS 0.00512
Exploits: 0 | References: 14

RedHat Linux
added 2024/05/22 10:16 a.m. | 5 views

QEMU: improper IDE controller reset can lead to MBR overwrite

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead, potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1)...

CVSS 7 | AI score 7.2 | EPSS 0.00231
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 3:31 a.m. | 2 views

SUSE CVE-2022-3344

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0)...

CVSS 6.5 | AI score 6.9 | EPSS 0.00214
Exploits: 0 | References: 9

OSV
added 2022/10/25 5:15 p.m. | 0 views

UBUNTU-CVE-2022-3344

A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0)...

CVSS 5.5 | AI score 6.7 | EPSS 0.00214
Exploits: 0 | References: 11

RedHat Linux
added 2021/10/19 7:19 a.m. | 0 views

kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious...

CVSS 8.8 | AI score 6.7 | EPSS 0.00658
Exploits: 0 | References: 5

RedHat Linux
added 2021/10/19 6:54 a.m. | 6 views

kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious...

CVSS 8.8 | AI score 6.7 | EPSS 0.00658
Exploits: 0 | References: 5

RedHat Linux
added 2021/10/12 9:1 a.m. | 0 views

kernel: SVM nested virtualization issue in KVM (AVIC support)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious...

CVSS 8.8 | AI score 6.7 | EPSS 0.00416
Exploits: 1 | References: 5

RedHat Linux
added 2021/09/28 2:38 p.m. | 0 views

kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious...

CVSS 8.8 | AI score 6.7 | EPSS 0.00658
Exploits: 0 | References: 5

RedHat Linux
added 2020/09/29 10:31 p.m. | 3 views

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

CVSS 6.8 | AI score 7.1 | EPSS 0.00927
Exploits: 1 | References: 4

Microsoft CVE
added 2020/09/25 7:0 a.m. | 3 views

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. In that case, an L1 guest could access L0's APIC register values via an L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel, resulting in a DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

...

CVSS 6.7 | AI score 7 | EPSS 0.00355
Exploits: 0

RedHat Linux
added 2020/05/12 3:31 p.m. | 0 views

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

CVSS 6.8 | AI score 6.8 | EPSS 0.00927
Exploits: 1 | References: 4

OSV
added 2020/03/17 1:48 a.m. | 5 views

USN-4303-1 linux, linux-aws, linux-kvm vulnerability

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 2

RedHat Linux
added 2019/11/26 11:57 a.m. | 4 views

Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested(=1) virtualization is enabled. This high resolution timer (hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12 timer object is stopped. The...

CVSS 7.8 | AI score 7.1 | EPSS 0.00805
Exploits: 1 | References: 4

OSV
added 2017/09/26 12:0 a.m. | 1 views

UBUNTU-CVE-2017-12154

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write...

CVSS 7.1 | AI score 6.8 | EPSS 0.00512
Exploits: 0 | References: 8