CVE-2019-3016

EPSS 0.06%
Veröffentlicht 31.01.2020 20:15:11
Zuletzt bearbeitet 21.11.2024 04:41:59
Quelle secalert_us@oracle.com
CVE-Watchlists
Login
Unerledigt
Login

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 16

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.16

Linux ≫ Linux Kernel Version4.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.189

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N
secalert_us@oracle.com	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html

https://usn.ubuntu.com/4300-1/

https://usn.ubuntu.com/4301-1/

https://www.debian.org/security/2020/dsa-4699

https://security.netapp.com/advisory/ntap-20200313-0003/

http://www.openwall.com/lists/oss-security/2020/01/30/4

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1792167

Third Party Advisory

Issue Tracking

https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7