Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9422)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9422 advisory. - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested Maxim Levitsky Orabug: 33205367 CVE-2021-3656 Tenable has extracted the preceding description...

KVM 安全漏洞

KVM is a kernel-based virtual machine. A security vulnerability exists in the AMD code for KVM, which stems from incorrect validation of "virtext" when processing VMCBs Virtual Machine Control Blocks provided by L1 guests to generate/process nested guests L2...

DEBIAN-CVE-2021-29657

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

AZL-6554 CVE-2021-29657 affecting package kernel for versions less than 5.10.78.1-1

arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in...

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

...

Oracle Linux 8 : kernel (ELSA-2020-2102)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2102 advisory. - net netlabel: cope with NULL catmap Paolo Abeni 1827249 1827251 CVE-2020-10711 - mm s390/mm: fix page table upgrade vs 2ndary address mode accesses...

Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

Medium: kernel

Issue Overview: A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to...

CVE-2020-2732

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...

DEBIAN-CVE-2020-2732

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...

Design/Logic Flaw

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest...

CVE-2018-16882

A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested=1 virtualization is enabled. In nestedgetvmcs12pages, in case of an error while processing posted interrupt address, it unmaps the 'pidescpage' without resetting 'pidesc' descript...

EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1368)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can...

USN-4301-1 linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0, linux-azure vulnerabilities

It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...

USN-4300-1 linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3, linux-azure, linux-azure-5.3 vulnerabilities

It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...

Important: kernel

Issue Overview: A stack buffer overflow issue was found in the getrawsocket routine of the Host kernel accelerator for virtio net vhost-net driver. It could occur while doing an ictolVHOSTNETSETBACKEND call, and retrieving socket name in a kernel stack variable via getrawsocket. A user able to...

MGASA-2020-0110 Updated kernel packages fix security vulnerability

This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5542)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5542 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...