CVE-2016-4020

First published: Wed Mar 02 2016(Updated: )

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
QEMU qemu	<=2.6.2
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=15.10
Canonical Ubuntu Linux	=16.04
Debian Debian Linux	=8.0
Redhat Openstack	=6.0
Redhat Openstack	=7.0
Redhat Openstack	=8
Redhat Openstack	=9
Redhat Openstack	=10
Redhat Openstack	=11
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=7.4
Redhat Enterprise Linux Eus	=7.5
Redhat Enterprise Linux Eus	=7.6
Redhat Enterprise Linux Eus	=7.7
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Aus	=7.7
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Server Tus	=7.7
Redhat Enterprise Linux Workstation	=7.0
Redhat Virtualization	=4.0
Redhat Enterprise Linux	=7.0

Remedy

https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html

Remedy

https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2016-4020
agent/references
agent/tags
agent/severity
agent/author
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/qemu
canonical/qemu qemu
version/qemu qemu/2.6.2
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/15.10
version/canonical ubuntu linux/16.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/redhat
canonical/redhat openstack
version/redhat openstack/6.0
version/redhat openstack/7.0
version/redhat openstack/8
version/redhat openstack/9
version/redhat openstack/10
version/redhat openstack/11
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/7.4
version/redhat enterprise linux eus/7.5
version/redhat enterprise linux eus/7.6
version/redhat enterprise linux eus/7.7
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
version/redhat enterprise linux server aus/7.7
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
version/redhat enterprise linux server tus/7.7
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
canonical/redhat virtualization
version/redhat virtualization/4.0
canonical/redhat enterprise linux
version/redhat enterprise linux/7.0

CVE-2016-4020

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact