MNBSD-2020-10: bhyve does not trap AMD virtualization instructions

Severity: Unknown

Affected Package: kernel

Summary: bhyve does not trap AMD virtualization instructions

Description

A number of AMD virtualization instructions operate on host physical addresses and are not subject to nested page table translation. Guest use of these instructions was not trapped by bhyve, allowing a malicious guest on an AMD host to write to arbitrary host memory and potentially gain complete control of the host.
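
The following C example is an added illustration, not code from bhyve or from this advisory: it audits a VMCB intercept word for SVM instruction intercepts that were left clear, which is the class of omission described above. Bit positions follow the VMCB layout in AMD's architecture manual; the required set, the function name and the sample values are assumptions, since the advisory does not list the instructions involved.

```c
#include <stdint.h>
#include <stdio.h>

/* SVM instruction intercept bits, VMCB control area offset 0x10 (AMD APM vol. 2). */
#define INTCPT_VMRUN   (1u << 0)
#define INTCPT_VMMCALL (1u << 1)
#define INTCPT_VMLOAD  (1u << 2)
#define INTCPT_VMSAVE  (1u << 3)
#define INTCPT_STGI    (1u << 4)
#define INTCPT_CLGI    (1u << 5)
#define INTCPT_SKINIT  (1u << 6)

/* Assumed policy for this example: a guest must never run these natively. */
static const struct { uint32_t bit; const char *name; } svm_required[] = {
    { INTCPT_VMRUN, "VMRUN" },   { INTCPT_VMLOAD, "VMLOAD" },
    { INTCPT_VMSAVE, "VMSAVE" }, { INTCPT_STGI, "STGI" },
    { INTCPT_CLGI, "CLGI" },     { INTCPT_SKINIT, "SKINIT" },
};
#define N_REQUIRED (sizeof(svm_required) / sizeof(svm_required[0]))

/* Write the names of required intercepts that are clear in `word` into buf
 * (truncating safely); return the mask of missing bits. */
uint32_t svm_untrapped(uint32_t word, char *buf, size_t len)
{
    uint32_t missing = 0;
    size_t used = 0;
    if (len > 0)
        buf[0] = '\0';
    for (size_t i = 0; i < N_REQUIRED; i++) {
        if (word & svm_required[i].bit)
            continue;               /* intercepted: guest use causes a VM exit */
        missing |= svm_required[i].bit;
        if (used < len) {
            int n = snprintf(buf + used, len - used, "%s%s",
                             used ? ", " : "", svm_required[i].name);
            if (n > 0)
                used += (size_t)n;
        }
    }
    return missing;
}

int main(void)
{
    char names[64];
    /* Constructed sample: only VMRUN and VMMCALL are intercepted. */
    uint32_t missing = svm_untrapped(INTCPT_VMRUN | INTCPT_VMMCALL, names, sizeof(names));
    printf("missing mask 0x%02x: %s\n", (unsigned)missing, names);
    return missing != 0;
}
```

A non-zero return marks a configuration in which the guest could execute at least one of the listed instructions without a VM exit.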

Affected Versions

kernel

Recommendations

No specific recommendations provided.

Additional Information

Aliases: CVE-2020-7467

Published: September 15, 2020
Last Modified: September 15, 2020