vulnerability
Oracle Linux: CVE-2020-2732: ELSA-2020-2102: kernel security and bug fix update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:A/AC:M/Au:S/C:P/I:N/A:N) | Feb 24, 2020 | Mar 2, 2020 | Dec 3, 2025 |
Severity
2
CVSS
(AV:A/AC:M/Au:S/C:P/I:N/A:N)
Published
Feb 24, 2020
Added
Mar 2, 2020
Modified
Dec 3, 2025
Description
A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.
A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor.
A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor.
Solutions
oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.