First published: Wed Sep 28 2022(Updated: )
A flaw was found in the KVM's Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre v2 attacks against L1 due to a missing IBPB at VM-exit time.
Credit: cve-coordination@google.com cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=5.4.47<5.4.233 | |
Linux Linux kernel | >=5.6.19<5.7 | |
Linux Linux kernel | >=5.7.3<5.10.170 | |
Linux Linux kernel | >=5.11<5.15.96 | |
Linux Linux kernel | >=5.16<6.1.14 | |
Debian Debian Linux | =10.0 | |
redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
redhat/kernel | <6.2 | 6.2 |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
This vulnerability can be mitigated by disabling the nested virtualization feature: ``` # modprobe -r kvm_intel # modprobe kvm_intel nested=0 ```
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)