CVE-2020-36311: 
Linux Kernel vulnerability analysis and mitigation

CVE-2020-36311 is a vulnerability discovered in the Linux kernel before version 5.9, specifically affecting the KVM hypervisor implementation for AMD processors. The vulnerability was discovered in the arch/x86/kvm/svm/sev.c component and was disclosed in April 2021. The issue affects systems running KVM with AMD SEV (Secure Encrypted Virtualization) functionality (Ubuntu Security, Debian Security).

The vulnerability exists in the KVM hypervisor's handling of large SEV VM destruction. When destroying a large SEV VM that requires unregistering many encrypted regions, the system does not ensure enough processing time for cleanup operations. This can lead to soft lockups due to the extensive number of encrypted regions that need to be unregistered during VM destruction. The issue was fixed by adding periodic scheduling during the cleanup process (Kernel Commit).

The vulnerability can be exploited by a local attacker to cause a denial of service condition through soft lockups when destroying large SEV VMs. This affects system stability and availability, particularly in environments where large SEV-enabled virtual machines are frequently created and destroyed (Debian Security).

The issue has been fixed in Linux kernel version 5.9 and backported to various distribution kernels. Ubuntu has released fixes for affected versions including Ubuntu 20.04 LTS (focal) in version 5.4.0-84.94. Debian has addressed the vulnerability in version 4.19.194-3 for Debian 10 (buster). Users should update their systems to the patched versions (Ubuntu Security, Debian Security).