Description: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=1805135
 https://www.spinics.net/lists/kvm/msg208259.html
 https://lore.kernel.org/stable/20200304085113.GA1419475@kroah.com/
Notes:
 carnil> Only the patch which was Cc'ed to stable@vger.kernel.org is
 carnil> strictly needed to adress the CVE, see
 carnil> https://lore.kernel.org/stable/20200304085113.GA1419475@kroah.com/
Bugs:
upstream: released (5.6-rc4) [07721feee46b4b248402133228235318199b05ec, 35a571346a94fb93b5b3b6a599675ef3384bc75c, e71237d3ff1abf9f3388337cfebf53b96df2020d]
4.19-upstream-stable: released (4.19.107) [ed9e97c35b454ceb1da4f65c318015a7ab298dae, 85dd0eb771e8cef7839dbd4cb61acde0b86ecd9e, e5c0857bd5ccf34d93b5b1ea858ab3d81a685b08]
4.9-upstream-stable: released (4.9.215) [86dc39e580d8e3ffa42c8157d3e28249fd9a12c5, f3e0dfb310e6a6f0190dbb3d6b337513b548507b, 35523a2d9918e36ad4fa6c9c0176279d7c1f4291]
3.16-upstream-stable: released (3.16.83) [5d7476c40cd352ec82aec26f6c6d8c413eb2b17b]
sid: released (5.5.13-1)
4.19-buster-security: released (4.19.98-1+deb10u1) [bugfix/x86/KVM-nVMX-Don-t-emulate-instructions-in-guest-mode.patch]
4.9-stretch-security: released (4.9.210-1+deb9u1) [bugfix/x86/kvm-nvmx-don-t-emulate-instructions-in-guest-mode.patch, bugfix/x86/kvm-nvmx-refactor-io-bitmap-checks-into-helper-funct.patch, bugfix/x86/kvm-nvmx-check-io-instruction-vm-exit-conditions.patch]
3.16-jessie-security: released (3.16.84-1)