CVE-2020-2732: Infoleak
First published: Thu Feb 20 2020(Updated: )
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.rt56.1131.el7 | 0:3.10.0-1160.rt56.1131.el7 |
| redhat/kernel | <0:3.10.0-1160.el7 | 0:3.10.0-1160.el7 |
| redhat/kernel-rt | <0:4.18.0-193.1.2.rt13.53.el8_2 | 0:4.18.0-193.1.2.rt13.53.el8_2 |
| redhat/kernel | <0:4.18.0-193.1.2.el8_2 | 0:4.18.0-193.1.2.el8_2 |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-2732 https://nvd.nist.gov/vuln/detail/CVE-2020-2732
- https://bugzilla.redhat.com/show_bug.cgi?id=1805135
- https://access.redhat.com/errata/RHSA-2020:4062
- https://access.redhat.com/errata/RHSA-2020:4060
- https://access.redhat.com/errata/RHSA-2020:2171
- https://access.redhat.com/errata/RHSA-2020:2102
- https://access.redhat.com/security/cve/cve-2020-2732
- https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
- https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
- https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
- https://linux.oracle.com/errata/ELSA-2020-5540.html
- https://linux.oracle.com/errata/ELSA-2020-5542.html
- https://linux.oracle.com/errata/ELSA-2020-5543.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
- https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
- https://www.debian.org/security/2020/dsa-4667
- https://www.debian.org/security/2020/dsa-4698
- https://www.openwall.com/lists/oss-security/2020/02/25/3
- https://www.spinics.net/lists/kvm/msg208259.html
- https://launchpad.net/bugs/cve/CVE-2020-2732
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1664312&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1664312&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1806816
- https://git.kernel.org/linus/86f7e90ce840aa1db407d3ea6e9b3a52b2ce923c
- https://security-tracker.debian.org/tracker/CVE-2020-2732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2732
- https://nvd.nist.gov/vuln/detail/CVE-2020-2732
- https://ubuntu.com/security/CVE-2020-2732
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-2732
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- package-manager/debian