Untrapped AMD Virtualization Instructions Vulnerability in FreeBSD

Untrapped AMD Virtualization Instructions Vulnerability in FreeBSD

CVE-2020-7467 · HIGH Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

Learn more about our Physical Security Assessment.