Intel KVM Virtualization Hit By Vulnerability Over Unfinished Code
Written by Michael Larabel in Intel on 24 February 2020 at 09:03 PM EST. 8 Comments
INTEL --
At least not another hardware vulnerability, but CVE-2020-2732 appears to stem from unfinished code within the Intel VMX code for the Linux kernel's Kernel-based Virtual Machine (KVM) support.

CVE-2020-2732 as of writing isn't yet public but we've been closely monitoring it since seeing a peculiar patch series earlier today and not finding much information on it.

Sent out as notice "FYI" were three patches for CVE-2020-2732. Those patches were already mailed in as part of KVM fixes targeting the current Linux 5.6 kernel cycle and quickly pulled in by Linus Torvalds. Linux 5.6 Git is now protected from CVE-2020-2732 and should be back-ported to stable kernels soon.

The patches were summed up as, "vmx_check_intercept is not yet fully implemented by KVM on Intel processors, causing e.g. the I/O or MSR interception bitmaps not to be checked. In general we can just disallow instruction emulation on behalf of L1, but this series also implements I/O port checks."


The vmx_check_intercept function within the Linux kernel even has a "TODO: check more intercepts..." but it appears that this vulnerability stems from the fact this function wasn't checking all intercepts and as such could end up emulating instructions disallowed by the virtualization hypervisor as the behavior until now was to continue in the default code path.

So the fix is to disable emulating instructions by default until the code is finished. The series also goes on to add checks for I/O bitmaps. Details though on CVE-2020-2732 are light though until the disclosure is made public. For what it's worth, the patches for this KVM issue were out of Google and CVE-2020-2732 was reserved back on 10 December 2019.

Update: More information and the patches are being back-ported.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week