CVE-2020-2732: Once again, experts found critical vulnerability in Intel KVM Virtualization

According to a report by vulnerability testing specialists, KVM virtualization software on Intel processors is affected by a critical vulnerability caused by unfinished code. The vulnerability, tracked as CVE-2020-2732, is present in the Intel VMX support of the Linux Kernel-based Virtual Machine (KVM).

The vulnerability has not been publicly disclosed. Multiple groups of specialists began following it after the release of a number of unusual security updates, but further details remain unconfirmed to this day.

Developers released three security patches to remediate CVE-2020-2732 as part of the KVM fixes targeting the current Linux 5.6 kernel cycle.

Regarding the release of the updates, the vulnerability testing specialists quote the developers: “vmx_check_intercept is not yet fully implemented by KVM on Intel processors, which causes the input/output and MSR intercept bitmaps not to be verified. In general, we cannot allow instruction emulation on behalf of L1, but this series also implements input and output port checks.”

The vmx_check_intercept function in the Linux kernel even carries a “TODO: check more intercepts…” comment, but this vulnerability appears to stem from the function not verifying all intercepts. As a result, KVM could end up emulating instructions that the virtualization hypervisor does not allow, because the behavior until now was to fall through to the default code path and continue.

According to the vulnerability testing specialists, the solution is to disable instruction emulation by default until the code is finished; the series also adds checks against the input and output bitmaps. Details about the vulnerability remain scarce until it is publicly disclosed.
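As an added illustration of the behaviour the patch series describes (written for this article, not the kernel's own code), the following user-space model contrasts a pre-fix check that returns CONTINUE for everything with a post-fix check that consults L1's I/O bitmap controls and defaults to UNHANDLEABLE; the struct layout, enum values and function names are simplified assumptions.

```c
/* Added example: user-space model of the vmx_check_intercept change.
 * Struct fields and helper names are constructed simplifications, not kernel code. */
#include <stdbool.h>
#include <stdint.h>
enum { X86EMUL_CONTINUE = 0, X86EMUL_UNHANDLEABLE = 2 };
enum intercept { INTERCEPT_IN, INTERCEPT_OUT, INTERCEPT_OTHER };

/* The L1 VMCS12 fields the I/O check consults (constructed model). */
struct vmcs12_model {
    bool use_io_bitmaps;        /* "use I/O bitmaps" execution control */
    bool uncond_io_exiting;     /* "unconditional I/O exiting" control */
    uint8_t io_bitmap_a[4096];  /* ports 0x0000-0x7fff, one bit per port */
    uint8_t io_bitmap_b[4096];  /* ports 0x8000-0xffff */
};

/* Before the fix: nothing is checked, so emulation always proceeds. */
int check_intercept_before(const struct vmcs12_model *v, enum intercept ic,
                           unsigned port, int size)
{
    (void)v; (void)ic; (void)port; (void)size;
    return X86EMUL_CONTINUE;
}

/* Walk L1's I/O bitmaps byte by byte for a `size`-byte access at `port`. */
static bool io_bitmap_hit(const struct vmcs12_model *v, unsigned port, int size)
{
    for (; size > 0; size--, port++) {
        if (port >= 0x10000)       /* beyond both bitmaps: intercept */
            return true;
        const uint8_t *bm = port < 0x8000 ? v->io_bitmap_a : v->io_bitmap_b;
        if (bm[(port & 0x7fff) / 8] & (1u << (port & 7)))
            return true;
    }
    return false;
}

/* After the fix: IN/OUT are checked against L1's controls and every other
 * instruction defaults to UNHANDLEABLE instead of silently continuing. */
int check_intercept_after(const struct vmcs12_model *v, enum intercept ic,
                          unsigned port, int size)
{
    if (ic == INTERCEPT_IN || ic == INTERCEPT_OUT) {
        bool hit = v->use_io_bitmaps ? io_bitmap_hit(v, port, size)
                                     : v->uncond_io_exiting;
        return hit ? X86EMUL_UNHANDLEABLE : X86EMUL_CONTINUE;
    }
    return X86EMUL_UNHANDLEABLE;   /* the "TODO: check more intercepts" path */
}
```

A multi-byte access is intercepted if any byte of the port range is marked in the bitmap, and an access that runs past port 0xffff is treated as intercepted, matching the byte-wise walk the kernel performs.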

For more information on recently encountered security flaws, exploits, cyberattacks, and malware analysis, you can visit the official website of the International Institute of Cyber Security (IICS), as well as the official communication platforms of the technology companies currently working to correct these incidents.