PT-2020-5252 · Linux+4 · Kvm+4

Boris Ostrovsky · Published 2020-02-23 · Updated 2024-06-15 · CVE-2020-2732

CVSS v3.1: 6.8 Medium
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

KVM (affected versions not specified)

Description

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest. The vulnerability is related to information disclosure and can be exploited by a remote attacker to gain access to protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-05885
CESA-2020_2102
CESA-2020_2171
CESA-2020_4060
CVE-2020-2732
DLA-2241-1
DLA-2241-2
DLA-2242-1
DSA-4667-1
DSA-4698-1
MGASA-2020-0110
MGASA-2020-0158
OPENSUSE-SU-2020:0336-1
OPENSUSE-SU-2020_0336-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2020:2102
RHSA-2020:2171
RHSA-2020:4060
RHSA-2020:4062
RHSA-2020_2102
RHSA-2020_2171
RHSA-2020_4060
RHSA-2020_4062
SUSE-SU-2020:0558-1
SUSE-SU-2020:0559-1
SUSE-SU-2020:0560-1
SUSE-SU-2020:0584-1
SUSE-SU-2020:0649-1
SUSE-SU-2020:0667-1
SUSE-SU-2020:0688-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1142-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_0688-1
SUSE-SU-2020_1663-1
USN-4300-1
USN-4301-1
USN-4302-1
USN-4303-1
USN-4303-2

Affected Products

Centos
Kvm
Red Hat
Suse
Ubuntu