Announcement

Collapse
No announcement yet.

Linux 4.4.215 / 4.9.215 / 4.14.172 / 5.5.7 Kernels Bringing Intel KVM Security Fix

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • skeevy420
    replied
    Originally posted by puleglot View Post
    These security fixes also queued for 4.19 and 5.4 lts branches.
    *Looks at list of kernels*

    "Somethings fucky, where's the stuff I use?"

    *Reads comments*

    "Oh, there they are"

    Leave a comment:


  • CTTY
    replied
    Originally posted by fkoehler View Post
    The L1 host typically is the "real" host, hosting multiple L2 instances.
    In the article is the following mentioned:
    Originally posted by article
    the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor

    So I think the L0 is the real host.


    Originally posted by article
    n the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled

    But this still only applies when `
    nested=1` is set for `kvm_intel`.

    Leave a comment:


  • fkoehler
    replied
    Originally posted by CTTY View Post
    Do I understand correctly, that this is only affecting machines with nested virtualization, while the guest (L2) in the guest (L1) can only access data from the guest (L1). So this security flaw does not enable any guest to access data from the host?
    Not quite what I was reading. A guest CAN access data from its host (if it's an L2 guest). The L1 host typically is the "real" host, hosting multiple L2 instances.

    How many of the various cloud instances are running as L2 guests I don't have the slightest clue. Given that there's quite extensive backporting going on, I'd guess more than a few.

    Leave a comment:


  • CTTY
    replied
    Do I understand correctly, that this is only affecting machines with nested virtualization, while the guest (L2) in the guest (L1) can only access data from the guest (L1). So this security flaw does not enable any guest to access data from the host?
    Last edited by CTTY; 27 February 2020, 09:10 PM. Reason: typo

    Leave a comment:


  • tuxd3v
    replied
    Originally posted by puleglot View Post
    These security fixes also queued for 4.19 and 5.4 lts branches.
    Thanks!

    Leave a comment:


  • tuxd3v
    replied
    Originally posted by cynic View Post
    5.5.x is the current stable kernel, so security bug are fixed. What is that surprise you?
    Its not a surprise..
    The surprise is, why it was not for 5.4.x which is a stable kernel( LTS )..

    Leave a comment:


  • puleglot
    replied
    These security fixes also queued for 4.19 and 5.4 lts branches.

    Leave a comment:


  • cynic
    replied
    Originally posted by tuxd3v View Post
    I believe that 5.4.x is a lts kernel,
    I don't get the idea of 5.5.7( since its not a lts kernel.. ).

    Could it be a typo?
    5.5.x is the current stable kernel, so security bug are fixed. What is that surprise you?

    Leave a comment:


  • OMTDesign
    replied
    I hope Ubuntu ports this to their 4.15 kernel that is used in Ubuntu 16.04.

    Leave a comment:


  • tuxd3v
    replied
    I believe that 5.4.x is a lts kernel,
    I don't get the idea of 5.5.7( since its not a lts kernel.. ).

    Could it be a typo?

    Leave a comment:

Working...
X