CVE-2016-4020 - Vulnerability Details

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Qemu	Qemu
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Openstack Virtualization

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:openstack:6.0:::::::*
	cpe:2.3:a:redhat:openstack:7.0:::::::*
	cpe:2.3:a:redhat:openstack:8:::::::*
	cpe:2.3:a:redhat:openstack:9:::::::*
	cpe:2.3:a:redhat:openstack:10:::::::*
	cpe:2.3:a:redhat:openstack:11:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 5 [-]

AND

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
qemu-kvm-10:1.5.3-141.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2017:1856	2017-08-01T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:6::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:7::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 10.0 (Newton)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:10::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 11.0 (Ocata)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:11::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 8.0 (Liberty)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:8::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat OpenStack Platform 9.0 (Mitaka)
qemu-kvm-rhev-10:2.9.0-10.el7	cpe:/a:redhat:openstack:9::el7	RHSA-2017:2408	2017-08-01T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
qemu-kvm-rhev-10:2.9.0-14.el7	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2017:2392	2017-08-01T00:00:00Z

References

Link	Providers
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=691a02e2ce0c413236a78dee6f2651c937b09fb0
http://www.securityfocus.com/bid/86067
http://www.ubuntu.com/usn/USN-2974-1
https://access.redhat.com/errata/RHSA-2017:1856
https://access.redhat.com/errata/RHSA-2017:2392
https://access.redhat.com/errata/RHSA-2017:2408
https://bugzilla.redhat.com/show_bug.cgi?id=1313686
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
https://nvd.nist.gov/vuln/detail/CVE-2016-4020
https://security.gentoo.org/glsa/201609-01
https://www.cve.org/CVERecord?id=CVE-2016-4020

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-05-25T15:00:00

Updated: 2024-08-06T00:17:30.133Z

Reserved: 2016-04-14T00:00:00

Link: CVE-2016-4020

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-05-25T15:59:04.927

Modified: 2024-11-21T02:51:10.763

Link: CVE-2016-4020

Redhat

Severity : Low

Publid Date: 2016-04-07T00:00:00Z

Links: CVE-2016-4020 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object