Ubuntu Security Notice 4301-1 - It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested guest access the resources of a parent guest in certain situations. An attacker could use this to expose sensitive information. Various other issues were also addressed.