CVE-2020-2732: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2020-2732) was discovered in the KVM hypervisor's handling of instruction emulation for L2 guests when nested virtualization is enabled. The vulnerability was discovered by Paolo Bonzini and disclosed in February 2020. It affects the KVM hypervisor implementation on Intel processors when nested virtualization is enabled (kvm-intel.nested=1) (Red Hat Bugzilla, Ubuntu Security).

The vulnerability stems from improper handling of instruction emulation for L2 guests in nested virtualization scenarios. Under certain circumstances, an L2 guest could trick the L0 hypervisor into accessing sensitive L1 resources that should be inaccessible according to L1 hypervisor configuration. The issue specifically relates to how the KVM hypervisor handles I/O instruction VM-exit conditions and IO bitmap checks (Kernel Commit). The vulnerability has a CVSS 3 Severity Score of 6.8 (Medium) (Ubuntu Security).

If exploited, this vulnerability could allow an L2 guest to cause privilege escalation, denial of service, or information leaks in the L1 guest. The vulnerability only affects Intel processors with nested virtualization enabled (Debian Security).

The vulnerability was patched through multiple kernel commits that improve instruction emulation handling and IO bitmap checks. The fixes include preventing instruction emulation in guest mode, implementing proper IO instruction VM-exit condition checks, and refactoring IO bitmap checks into a helper function (Kernel Commit, Kernel Commit, Kernel Commit).