CVE-2016-4020 — MEDIUM (6.5)

Q: How severe is CVE-2016-4020?

CVE-2016-4020 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-4020?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Openstack, Redhat Enterprise Linux Desktop.

Vulnerability Description

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Qemu	Qemu	<= 2.6.2
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Redhat	Openstack	6.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.4
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0
Redhat	Virtualization	4.0
Redhat	Enterprise Linux	7.0

References

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c93
http://www.securityfocus.com/bid/86067Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2974-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2392Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2408Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1313686Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlMailing ListThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.htmlPatchThird Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.htmlPatchThird Party Advisory
https://security.gentoo.org/glsa/201609-01Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c93
http://www.securityfocus.com/bid/86067Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2974-1Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856Third Party Advisory

FAQ

What is CVE-2016-4020?

CVE-2016-4020 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory b...

How severe is CVE-2016-4020?

CVE-2016-4020 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-4020?

Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Openstack, Redhat Enterprise Linux Desktop.