Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-4020

Опубликовано: 25 мая 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 2.1
CVSS3: 6.5

Описание

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

РелизСтатусПримечание
devel

not-affected

1:2.6+dfsg-3ubuntu1
esm-infra-legacy/trusty

not-affected

2.0.0+dfsg-2ubuntu1.24
esm-infra/xenial

not-affected

1:2.5+dfsg-5ubuntu10.1
precise

DNE

trusty

released

2.0.0+dfsg-2ubuntu1.24
trusty/esm

not-affected

2.0.0+dfsg-2ubuntu1.24
upstream

needed

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

released

1:2.3+dfsg-5ubuntu9.4

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

precise

not-affected

code not present
trusty

DNE

trusty/esm

DNE

upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

wily

DNE

xenial

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 26%
0.00085
Низкий

2.1 Low

CVSS2

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-4020

CVSS3: 3.4
redhat
больше 9 лет назад

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

nvd логотип

CVE-2016-4020

CVSS3: 6.5
nvd
около 9 лет назад

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

debian логотип

CVE-2016-4020

CVSS3: 6.5
debian
около 9 лет назад

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...

github логотип

GHSA-vcqr-cc8h-57gj

CVSS3: 6.5
github
около 3 лет назад

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

oracle-oval логотип

ELSA-2017-1856

oracle-oval
около 8 лет назад

ELSA-2017-1856: qemu-kvm security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 26%
0.00085
Низкий

2.1 Low

CVSS2

6.5 Medium

CVSS3