NAK[F]: CVE-2020-2732

Seth Forshee seth.forshee at
Fri Mar 6 20:52:13 UTC 2020

On Thu, Feb 27, 2020 at 03:51:14PM -0300, Thadeu Lima de Souza Cascardo wrote:
> These are backports of the fixes to CVE-2020-2732. They affect X86 hosts. A
> nested guest (L2) may execute disallowed code, leading to access to L1
> resources.
> I used the backport from 4.4.y, which includes "emulate RDPID" as a pre-req, so
> we divert the least as possible from stable upstream.
> I did the same for Bionic 4.15, using the backports from 4.14.y.
> D/E/F have been built-tested, Ben Romer did some nested guest smoke testing
> with the Bionic patches, although with a version without the pre-req.
> Xenial is build testing right now. More tests are in development.

These have already been applied to focal from upstream stable updates.

More information about the kernel-team mailing list