CVE-2020-2732
Published: 24 February 2020
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
From the Ubuntu Security Team
Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.
Notes
| Author | Note |
|---|---|
| sbeattie | only systems running Intel processors are affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-91.92)
|
| eoan |
Released
(5.3.0-42.34)
|
|
| focal |
Not vulnerable
(5.4.0-18.22)
|
|
| trusty |
Ignored
(was needed ESM criteria)
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.4.0-176.206)
|
|
|
Patches: Introduced by 8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9 Introduced by 55d2375e58a61be072431dd3d3c8a320f4a4a01b Introduced by fb6d4d340e0532032c808a9933eaaa7b8de435ab |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1063.67)
|
| eoan |
Released
(5.3.0-1013.14)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Released
(4.4.0-1064.68)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.4.0-1104.115)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1027.30)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.15.0-1063.67~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1035.37)
|
| eoan |
Released
(5.3.0-1016.17)
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| trusty |
Released
(4.15.0-1074.79~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.15.0-1075.80)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1016.17~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1033.34)
|
| eoan |
Released
(5.3.0-1014.15)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.15.0-1058.62)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1014.15~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1055.58)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1032.33)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1014.15~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-42.34~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.15.0-91.92~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Ignored
(end of life, was needs-triage)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.57)
|
| eoan |
Released
(5.3.0-1012.13)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.4.0-1068.75)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Released
(4.4.0-176.206~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1076.86)
|
| eoan |
Released
(4.15.0-1076.86)
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.6.0-1007.7)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1043.48)
|
| eoan |
Released
(5.0.0-1043.48)
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1035.39)
|
| eoan |
Released
(5.3.0-1011.12)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Released
(4.15.0-1035.38~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1013.18)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.6~rc4)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Intel only)
|
| eoan |
Not vulnerable
(Intel only)
|
|
| focal |
Ignored
(end of life, was pending)
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(Intel only)
|
|
| xenial |
Not vulnerable
(Intel only)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Intel only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(Intel only)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Intel only)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Not vulnerable
(Intel only)
|
|
| xenial |
Not vulnerable
(Intel only)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.8 |
| Attack vector | Adjacent |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
References
- https://www.spinics.net/lists/kvm/msg208259.html
- https://www.openwall.com/lists/oss-security/2020/02/25/4
- https://ubuntu.com/security/notices/USN-4300-1
- https://ubuntu.com/security/notices/USN-4301-1
- https://ubuntu.com/security/notices/USN-4302-1
- https://ubuntu.com/security/notices/USN-4303-1
- https://ubuntu.com/security/notices/USN-4303-2
- https://www.cve.org/CVERecord?id=CVE-2020-2732
- NVD
- Launchpad
- Debian