CVE-2020-2732: Infoleak
First published: Thu Feb 20 2020(Updated: )
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel-rt | <0:4.18.0-193.1.2.rt13.53.el8_2 | 0:4.18.0-193.1.2.rt13.53.el8_2 |
| redhat/kernel | <0:4.18.0-193.1.2.el8_2 | 0:4.18.0-193.1.2.el8_2 |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-2732 https://nvd.nist.gov/vuln/detail/CVE-2020-2732
- https://bugzilla.redhat.com/show_bug.cgi?id=1805135
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:2171
- https://access.redhat.com/errata/RHSA-2020:2102
- https://access.redhat.com/security/cve/cve-2020-2732
- https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
- https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
- https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
- https://linux.oracle.com/errata/ELSA-2020-5540.html
- https://linux.oracle.com/errata/ELSA-2020-5542.html
- https://linux.oracle.com/errata/ELSA-2020-5543.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://www.debian.org/security/2020/dsa-4667
- https://www.debian.org/security/2020/dsa-4698
- https://www.openwall.com/lists/oss-security/2020/02/25/3
- https://www.spinics.net/lists/kvm/msg208259.html
- https://launchpad.net/bugs/cve/CVE-2020-2732
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1664312&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1664312&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1806816
- https://git.kernel.org/linus/86f7e90ce840aa1db407d3ea6e9b3a52b2ce923c
- https://security-tracker.debian.org/tracker/CVE-2020-2732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
- https://nvd.nist.gov/vuln/detail/CVE-2020-2732
- https://ubuntu.com/security/CVE-2020-2732
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-2732?
CVE-2020-2732 has a critical severity rating as it allows an L2 guest to potentially access restricted L1 resources.
How do I fix CVE-2020-2732?
To fix CVE-2020-2732, update the affected kernel packages to the provided remedial versions for your operating system.
Which versions of Red Hat Enterprise Linux are affected by CVE-2020-2732?
CVE-2020-2732 affects Red Hat Enterprise Linux 7.0 and 8.0 versions.
What types of systems are vulnerable due to CVE-2020-2732?
Systems utilizing KVM hypervisor with nested virtualization enabled are vulnerable due to CVE-2020-2732.
What can an attacker achieve through CVE-2020-2732?
An attacker can compromise the L0 guest by accessing sensitive information from the L1 resources through the L2 guest.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-2732
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- agent/last-modified-date
- agent/trending
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/source
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- package-manager/debian