Intel KVM Virtualization Hit By Vulnerability Over Unfinished Code
At least it is not another hardware vulnerability: CVE-2020-2732 appears to stem from unfinished code within the Intel VMX code for the Linux kernel's Kernel-based Virtual Machine (KVM) support.
CVE-2020-2732 as of writing isn't yet public but we've been closely monitoring it since seeing a peculiar patch series earlier today and not finding much information on it.
Sent out as an "FYI" notice were three patches for CVE-2020-2732. Those patches had already been mailed in as part of the KVM fixes targeting the current Linux 5.6 kernel cycle and were quickly pulled in by Linus Torvalds. Linux 5.6 Git is now protected from CVE-2020-2732 and the fixes should be back-ported to stable kernels soon.
The patches were summed up as, "vmx_check_intercept is not yet fully implemented by KVM on Intel processors, causing e.g. the I/O or MSR interception bitmaps not to be checked. In general we can just disallow instruction emulation on behalf of L1, but this series also implements I/O port checks."
The vmx_check_intercept function within the Linux kernel even carries a "TODO: check more intercepts..." comment. The vulnerability appears to stem from the fact that this function wasn't checking all intercepts: because the default code path was to continue, KVM could end up emulating instructions that the guest hypervisor had asked to have intercepted.
So the fix is to disallow instruction emulation by default until the code is finished. The series also adds checks against the I/O bitmaps. Details on CVE-2020-2732 remain light until the disclosure is made public. For what it's worth, the patches for this KVM issue came out of Google and CVE-2020-2732 was reserved back on 10 December 2019.
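To make the "default code path" problem concrete, here is an added, constructed model of an emulator intercept check; it is not code from the KVM tree or from the patch series, and every name in it (the enums, struct, and model_* helpers) is this example's own. It contrasts a check whose unimplemented cases fall through to "continue" with one that defaults to "intercepted" and only returns "continue" where a real check exists, here a VMX-style I/O permission bitmap with one bit per port. The sample configuration (ports 0x60 and 0x3F8 intercepted) is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an emulator intercept check. Names and structures are
 * this example's own, not KVM's; the real code lives in arch/x86/kvm/vmx. */
enum emul_result { EMUL_CONTINUE = 0, EMUL_INTERCEPTED = 1 };
enum intercept_kind { IC_IO_IN, IC_IO_OUT, IC_RDMSR, IC_WRMSR, IC_CPUID };

/* VMX-style I/O permission bitmap: one bit per port, 65536 ports = 8 KiB.
 * Hardware splits this into bitmap A (ports 0-0x7FFF) and bitmap B
 * (0x8000-0xFFFF); modelled here as one contiguous array for simplicity. */
#define IO_BITMAP_BYTES (65536 / 8)

struct l1_vmcs_model {
    bool unconditional_io_exiting; /* every I/O access exits to L1 */
    bool use_io_bitmaps;           /* consult io_bitmap below */
    uint8_t io_bitmap[IO_BITMAP_BYTES];
};

void model_intercept_port(struct l1_vmcs_model *v, uint16_t port)
{
    v->io_bitmap[port / 8] |= (uint8_t)(1u << (port % 8));
}

/* An access of 'size' bytes is intercepted if any covered port's bit is set.
 * Accesses running past port 0xFFFF are treated as intercepted (a
 * conservative choice made for this model). */
bool model_io_port_intercepted(const struct l1_vmcs_model *v,
                               uint16_t port, unsigned size)
{
    if (v->unconditional_io_exiting) return true;
    if (!v->use_io_bitmaps) return false;
    for (unsigned i = 0; i < size; i++) {
        unsigned p = (unsigned)port + i;
        if (p > 0xFFFF) return true;
        if (v->io_bitmap[p / 8] & (1u << (p % 8))) return true;
    }
    return false;
}

/* Pre-fix shape: unimplemented cases fall through to CONTINUE, so an
 * instruction L1 asked to intercept gets emulated on L2's behalf anyway. */
enum emul_result check_intercept_default_allow(const struct l1_vmcs_model *v,
                                               enum intercept_kind kind,
                                               uint16_t port, unsigned size)
{
    (void)v; (void)port; (void)size;
    switch (kind) {
    case IC_CPUID:
        return EMUL_INTERCEPTED;   /* the one case this model "implements" */
    default:
        return EMUL_CONTINUE;      /* TODO: check more intercepts... */
    }
}

/* Post-fix shape: default to INTERCEPTED, and only return CONTINUE for a
 * case whose check actually exists (here: the I/O port bitmap). */
enum emul_result check_intercept_default_deny(const struct l1_vmcs_model *v,
                                              enum intercept_kind kind,
                                              uint16_t port, unsigned size)
{
    switch (kind) {
    case IC_IO_IN:
    case IC_IO_OUT:
        return model_io_port_intercepted(v, port, size) ? EMUL_INTERCEPTED
                                                        : EMUL_CONTINUE;
    default:
        return EMUL_INTERCEPTED;   /* not checked yet: refuse to emulate for L1 */
    }
}

/* Sample L1 configuration (constructed): bitmaps enabled, ports 0x60 and
 * 0x3F8 intercepted, everything else passed through. */
const struct l1_vmcs_model *model_sample(void)
{
    static struct l1_vmcs_model v;
    static bool ready;
    if (!ready) {
        memset(&v, 0, sizeof(v));
        v.use_io_bitmaps = true;
        model_intercept_port(&v, 0x60);
        model_intercept_port(&v, 0x3F8);
        ready = true;
    }
    return &v;
}

int main(void)
{
    const struct l1_vmcs_model *v = model_sample();
    printf("OUT 0x60  default-allow: %d  default-deny: %d\n",
           check_intercept_default_allow(v, IC_IO_OUT, 0x60, 1),
           check_intercept_default_deny(v, IC_IO_OUT, 0x60, 1));
    printf("IN  0x70  default-allow: %d  default-deny: %d\n",
           check_intercept_default_allow(v, IC_IO_IN, 0x70, 1),
           check_intercept_default_deny(v, IC_IO_IN, 0x70, 1));
    printf("RDMSR     default-allow: %d  default-deny: %d\n",
           check_intercept_default_allow(v, IC_RDMSR, 0, 0),
           check_intercept_default_deny(v, IC_RDMSR, 0, 0));
    return 0;
}
```

The first line of output shows the defect in miniature: with the default-allow shape, an OUT to a port that L1 marked in its bitmap returns 0 (continue emulating), whereas the default-deny shape returns 1 and hands the instruction back to L1. The multi-byte case in the bitmap check matters too, since an access starting one port below an intercepted port still touches it.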
Update: More information and the patches are being back-ported.