CVE-2016-4020

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CVSS v3 6.5 MEDIUM
CVSS v2.0 2.1 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0
http://www.securityfocus.com/bid/86067	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2974-1	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1313686	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html	Patch Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201609-01	Third Party Advisory
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0
http://www.securityfocus.com/bid/86067	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2974-1	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1856	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2392	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2408	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1313686	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html	Mailing List Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html	Patch Third Party Advisory
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html	Patch Third Party Advisory
https://security.gentoo.org/glsa/201609-01	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:a:redhat:openstack:6.0:::::::*
	cpe:2.3:a:redhat:openstack:7.0:::::::*
	cpe:2.3:a:redhat:openstack:8:::::::*
	cpe:2.3:a:redhat:openstack:9:::::::*
	cpe:2.3:a:redhat:openstack:10:::::::*
	cpe:2.3:a:redhat:openstack:11:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 5 (hide)

AND

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-05-25 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-4020

Mitre link : CVE-2016-4020

CVE.ORG link : CVE-2016-4020

JSON object : View

Products Affected

qemu

qemu

redhat

enterprise_linux_workstation
virtualization
enterprise_linux_server_aus
enterprise_linux_desktop
openstack
enterprise_linux_eus
enterprise_linux
enterprise_linux_server
enterprise_linux_server_tus

debian

debian_linux

canonical

ubuntu_linux

CWE

NVD-CWE-noinfo

6.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2016-4020

6.5^/10

2.1^/10

Attach tags to `CVE-2016-4020`