Description
A flaw was discovered in the way that the KVM hypervisor handled
instruction emulation for an L2 guest when nested virtualisation is
enabled. Under some circumstances, an L2 guest may trick the L0 guest into
accessing sensitive L1 resources that should be inaccessible to the L2
guest.
Ubuntu-Description
Paulo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information.
Notes
| sbeattie | only systems running Intel processors are affected. |
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(4.15.0-91.92)
|
| Ubuntu 20.04 LTS: | not-affected
(5.4.0-18.22)
|
| Ubuntu 16.04 ESM: | released
(4.4.0-176.206)
|
| Ubuntu 14.04 ESM: | ignored
(was needed ESM criteria)
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(4.15.0-1063.67)
|
| Ubuntu 20.04 LTS: | not-affected
(5.4.0-1005.5)
|
| Ubuntu 16.04 ESM: | released
(4.4.0-1104.115)
|
| Ubuntu 14.04 ESM: | released
(4.4.0-1064.68)
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.0.0-1027.30)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 16.04 ESM: | released
(4.15.0-1063.67~16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.0.0-1035.37)
|
| Ubuntu 20.04 LTS: | not-affected
(5.4.0-1006.6)
|
| Ubuntu 16.04 ESM: | released
(4.15.0-1075.80)
|
| Ubuntu 14.04 ESM: | released
(4.15.0-1074.79~14.04.1)
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.3.0-1016.17~18.04.1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | ignored
(was needs-triage now end-of-life)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.0.0-1033.34)
|
| Ubuntu 20.04 LTS: | not-affected
(5.4.0-1005.5)
|
| Ubuntu 16.04 ESM: | released
(4.15.0-1058.62)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.3.0-1014.15~18.04.1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | ignored
(was needs-triage now end-of-life)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(4.15.0-1055.58)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.0.0-1032.33)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.3.0-1014.15~18.04.1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.3.0-42.34~18.04.1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 16.04 ESM: | released
(4.15.0-91.92~16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | ignored
(was needs-triage now end-of-life)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 16.04 ESM: | ignored
(was needs-triage now end-of-life)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(4.15.0-1056.57)
|
| Ubuntu 20.04 LTS: | not-affected
(5.4.0-1004.4)
|
| Ubuntu 16.04 ESM: | released
(4.4.0-1068.75)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | released
(4.4.0-176.206~14.04.1)
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(4.15.0-1076.86)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | DNE
|
| Ubuntu 20.04 LTS: | not-affected
(5.6.0-1007.7)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.0.0-1043.48)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(4.15.0-1035.39)
|
| Ubuntu 20.04 LTS: | not-affected
(5.4.0-1005.5)
|
| Ubuntu 16.04 ESM: | released
(4.15.0-1035.38~16.04.1)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | released
(5.0.0-1013.18)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | released
(5.6~rc4)
|
| Ubuntu 18.04 LTS: | not-affected
(5.3.0-1011.12~18.04.1)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | not-affected
(Intel only)
|
| Ubuntu 18.04 LTS: | not-affected
(Intel only)
|
| Ubuntu 20.04 LTS: | ignored
(was pending \[5.4.0-1006.6\] now end-of-life)
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | not-affected
(Intel only)
|
| Ubuntu 18.04 LTS: | not-affected
(Intel only)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Package
| Upstream: | not-affected
(Intel only)
|
| Ubuntu 18.04 LTS: | not-affected
(Intel only)
|
| Ubuntu 20.04 LTS: | DNE
|
| Ubuntu 14.04 ESM: | DNE
|
Patches:
Updated: 2022-04-13 14:18:30 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)