Home > Vulnerability Database > CVE-2020-2732

Mend.io Vulnerability Database

CVE-2020-2732

Good to know:

Date: April 8, 2020

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.

Language: C

Severity Score

5.8

Related Resources (17)

Url: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html

Url: https://linux.oracle.com/errata/ELSA-2020-5542.html

Url: https://www.openwall.com/lists/oss-security/2020/02/25/3

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html

Url: https://www.debian.org/security/2020/dsa-4698

Url: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-2732

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1805135

Url: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec

Url: https://www.spinics.net/lists/kvm/msg208259.html

Url: https://www.debian.org/security/2020/dsa-4667

Url: https://linux.oracle.com/errata/ELSA-2020-5543.html

Url: https://linux.oracle.com/errata/ELSA-2020-5540.html

Url: https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html

Url: https://access.redhat.com/security/cve/CVE-2020-2732

Url: https://www.mend.io/vulnerability-database/CVE-2020-2732

Severity Score

5.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version linux-libc-headers - 5.8

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.3
Access Vector (AV):	ADJACENT
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-2732

Good to know:

Date: April 8, 2020

Language: C

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?