Description
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a
References (4)
Core 4
Core References
Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
Patch, Third Party Advisory
https://kernel.dance/#2e7eab81425a
Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230223-0002/
Scores
CVSS v3
5.8
EPSS
0.0029
EPSS Percentile
20.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1188
Status
published
Products (2)
debian/debian_linux
10.0
linux/linux_kernel
5.4.47 - 5.4.233
Published
Jan 09, 2023
Tracked Since
Feb 18, 2026