Boris Ostrovsky

**Name of the Vulnerable Software and Affected Versions** KVM (affected versions not specified) **Description** A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. The vulnerability is related to information disclosure and can be exploited by a remote attacker to gain access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.10 (host) with 4.16 or later (guest) **Description** The issue is related to the Kernel-based Virtual Machine (KVM) subsystem in Linux, specifically with simultaneous execution using a shared resource with incorrect synchronization. This allows an attacker to access confidential data. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out. **Recommendations** For Linux kernel version 4.10 (host) with 4.16 or later (guest), consider disabling PV TLB in the guest kernel as a temporary workaround until a patch is available. Restrict access to sensitive data in the guest kernel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.