CVE-2016-4020

Published: 07 Apr 2016
Source: redhat
CVSS3: 3.4
CVSS2: 2.9

Description

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

An information-exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory.

Report

This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kvm | Not affected | | |
| Red Hat Enterprise Linux 5 | xen | Not affected | | |
| Red Hat Enterprise Linux 6 | qemu-kvm | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | qemu-kvm-rhev | Will not fix | | |
| Red Hat OpenStack Platform 12 (Pike) | qemu-kvm-rhev | Not affected | | |
| Red Hat Enterprise Linux 7 | qemu-kvm | Fixed | RHSA-2017:1856 | 01.08.2017 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2017:2408 | 01.08.2017 |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | qemu-kvm-rhev | Fixed | RHSA-2017:2408 | 01.08.2017 |
| Red Hat OpenStack Platform 10.0 (Newton) | qemu-kvm-rhev | Fixed | RHSA-2017:2408 | 01.08.2017 |
| Red Hat OpenStack Platform 11.0 (Ocata) | qemu-kvm-rhev | Fixed | RHSA-2017:2408 | 01.08.2017 |


Additional information

Status: Low
Defect: CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1313686 - Qemu: i386: leakage of stack memory to guest in kvmvapic.c


Related vulnerabilities

CVSS3: 6.5
ubuntu
about 9 years ago

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CVSS3: 6.5
nvd
about 9 years ago

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CVSS3: 6.5
debian
about 9 years ago

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...

CVSS3: 6.5
github
about 3 years ago

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

oracle-oval
almost 8 years ago

ELSA-2017-1856: qemu-kvm security, bug fix, and enhancement update (MODERATE)
