6.8

CVE-2020-2732

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.93% 0.558
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 2.3 4
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvd@nist.gov 2.3 4.4 2.9
AV:A/AC:M/Au:S/C:P/I:N/A:N
secalert_us@oracle.com 5.8 1.3 4
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html
https://www.debian.org/security/2020/dsa-4698
https://www.debian.org/security/2020/dsa-4667
https://bugzilla.redhat.com/show_bug.cgi?id=1805135
Third Party Advisory
Issue Tracking
https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
Patch
Third Party Advisory
https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
Patch
Third Party Advisory
https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
Patch
Third Party Advisory
https://linux.oracle.com/errata/ELSA-2020-5540.html
Third Party Advisory
https://linux.oracle.com/errata/ELSA-2020-5542.html
Third Party Advisory
https://linux.oracle.com/errata/ELSA-2020-5543.html
Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/02/25/3
Third Party Advisory
Mailing List
https://www.spinics.net/lists/kvm/msg208259.html
Patch
Third Party Advisory