Severity: Unknown
Affected Package: kernel
Summary: bhyve does not trap AMD virtualization instructions
A number of AMD virtualization instructions operate on host physical addresses and are not subject to nested page table translation. Guest use of these instructions was not trapped by bhyve, allowing a malicious guest on an AMD host to write to arbitrary host memory and potentially gain complete control of the host.
No specific recommendations provided.
Aliases: CVE-2020-7467
Published: September 15, 2020
Last Modified: September 15, 2020