[ops][security-sig] KVM AMD vulnerabilities (CVE-2021-3653, CVE-2021-3656)
I usually don't do this, but as it is likely to be a widespread concern across many OpenStack deployments I thought it would be a good idea to bring the situation to everyone's attention and help spread the word.

Today, two new vulnerabilities were announced in the Linux KVM implementation for AMD processors (CVE-2021-3653 and CVE-2021-3656):

https://www.openwall.com/lists/oss-security/2021/08/16/1

The impact described there indicates that these could be leveraged by guest virtual machines to gain access to their underlying hypervisor host servers. If you run a KVM-based deployment on AMD processors, please be on the lookout for updates from your Linux distribution and apply them at the earliest opportunity. Also consider temporarily enacting the mitigations listed in the advisory (e.g. disabling nested virtualization in the kvm_amd module).

--
Jeremy Stanley
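
An added example, not part of the original message or of any OpenStack tooling: a small shell audit that reports whether a hypervisor has nested virtualization enabled in kvm_amd, the interim mitigation mentioned above. The function names and the overridable sysfs/cpuinfo paths are assumptions of this sketch; the `nested` parameter itself is the module's own and reads as 1/0 or Y/N depending on the kernel.

```shell
#!/bin/sh
# Added example: audit a KVM host for the kvm_amd "nested" setting.
# The path arguments exist only so the logic can run against a
# constructed fixture; on a real host call the functions with no arguments.

# kvm_amd_nested_state [sysfs_root]
# Prints one of: not-loaded | enabled | disabled | unknown
kvm_amd_nested_state() {
    param="${1:-/sys}/module/kvm_amd/parameters/nested"
    [ -r "$param" ] || { echo not-loaded; return 0; }
    # Kernels expose the value as 1/0 or Y/N depending on version.
    case "$(tr -d '[:space:]' < "$param")" in
        1|Y|y) echo enabled ;;
        0|N|n) echo disabled ;;
        *)     echo unknown ;;
    esac
}

# is_amd_cpu [cpuinfo_path]: succeeds when the host CPU vendor is AMD.
is_amd_cpu() {
    grep -q '^vendor_id[[:space:]]*:[[:space:]]*AuthenticAMD' "${1:-/proc/cpuinfo}"
}

# audit_kvm_amd [sysfs_root] [cpuinfo_path]
# Returns 0 when no interim action is needed, 1 when nested virtualization
# is enabled on an AMD host, 2 when the state could not be determined.
audit_kvm_amd() {
    if ! is_amd_cpu "${2:-/proc/cpuinfo}"; then
        echo "non-AMD host: kvm_amd is not in use here"
        return 0
    fi
    state=$(kvm_amd_nested_state "${1:-/sys}")
    case "$state" in
        enabled)
            echo "kvm_amd nested=on: update the kernel; until then set"
            echo "'options kvm_amd nested=0' in /etc/modprobe.d/ and reload kvm_amd"
            return 1 ;;
        disabled)
            echo "kvm_amd nested=off: mitigation in place, still apply the kernel update"
            return 0 ;;
        not-loaded)
            echo "kvm_amd not loaded: host is not currently running AMD KVM guests"
            return 0 ;;
        *)
            echo "kvm_amd nested state unreadable: check the host manually"
            return 2 ;;
    esac
}
```

Reloading kvm_amd requires that no guests are running on the host, so on a busy hypervisor plan the change together with guest migration or the kernel update reboot.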