CVE - CVE-2020-2732

CVE-ID
CVE-2020-2732	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
DEBIAN:DSA-4667 URL:https://www.debian.org/security/2020/dsa-4667 DEBIAN:DSA-4698 URL:https://www.debian.org/security/2020/dsa-4698 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1805135 MISC:https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec MISC:https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c MISC:https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d MISC:https://linux.oracle.com/errata/ELSA-2020-5540.html MISC:https://linux.oracle.com/errata/ELSA-2020-5542.html MISC:https://linux.oracle.com/errata/ELSA-2020-5543.html MISC:https://www.openwall.com/lists/oss-security/2020/02/25/3 MISC:https://www.spinics.net/lists/kvm/msg208259.html MLIST:[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update URL:https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html MLIST:[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update URL:https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html MLIST:[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update URL:https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
Assigning CNA
Oracle
Date Record Created
20191210	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20191210)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)