On AMD systems, a microcode patch will be applied to mitigates this flaw. This update will be sent automatically when the AMD active management feature is enabled in the BIOS. However, system administrators can also apply this update manually by downloading the patch from AMD.
Concurrent virtualization (CVM) remains unaffected.
An issue was found where a malicious user in a guest virtual machine could leverage the VMX/VT mode MSR bit to enter an infinite loop in the SMX/Hypervisor. This issue may result in reduced hypervisor performance and a potentially unstable system.
On AMD systems, a microcode patch will be applied to mitigates this issue. This update will be sent automatically when the AMD active management feature is enabled in the BIOS. However, system administrators can also apply this update manually by downloading the patch from AMD.
Concurrent virtualization (CVM) remains unaffected.
A flaw was found in the KVM's AMD nested virtualization (SVM). A user in the guest VM could abuse the MSR bit to read/write host kernel memory, potentially leading to privilege escalation and code execution in the host. On AMD systems, a microcode patch will be applied to mitigates this issue. This update will be sent automatically when the AMD active management feature is enabled in the BIOS. However, system administrators can also apply this update manually by downloading the patch from AMD.
Concurrent virtualization (CVM) remains unaffected
Intel
L1 Terminal Fault (L1TF)
On Intel systems, a microcode update will be applied to mitigates this flaw. This update will be sent automatically when the Intel active management feature is enabled in the BIOS. However, system administrators can also apply this update manually by downloading the patch from Intel.
Concurrent virtualization (CVM) remains unaffected
An issue was found where a malicious user in a guest virtual machine could leverage the VMX/VT mode MSR bit to enter an infinite loop in the SMX/Hypervisor. This issue may result in reduced hypervisor performance and a potentially unstable system.
On Intel systems, a microcode update will be applied to mitigates this issue. This update will be sent automatically when the Intel active management feature is enabled in the BIOS. However, system administrators can also apply this update manually by downloading the patch from Intel.
Concurrent virtualization (CVM) remains unaffected
After installing this update, you may find the following changes or issues were fixed:
- CVE-2022-3344
- HVM nested virtualization exploit patched
- AMD SMX/Hypervisor infinite loop patched
AMD Virtualization (AMD-V)
AMD Virtualization (AMD-V) is a technology that allows multiple operating systems to run simultaneously on the same host, using one or more virtual processors. AMD-V works with virtually all 64-bit and 32-bit operating systems and applications that support hardware virtualization.
Windows 10 Version 1607 and Windows Server 2016
A flaw in the way Windows Server 2016 handles objects in memory was found. An attacker with elevation of privilege, such as a malicious local administrator, can exploit this vulnerability to run arbitrary code on a targeted system.
Microsoft has fixed this issue by adding additional validation checks.
Windows 10 Version 1607 remains unaffected.
Checklist:
1. What are the 6 reasons why digital marketing is important?
2. What are the benefits of advertising on Facebook?
3. How do you target your ideal audience with digital marketing?
4. What is an example of a flaw found in KVM's AMD nested virtualization (SVM)?
Timeline
Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/28/2022 19:23:00 UTC