1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
PublicDateAtUSN: 2016-04-14
Candidate: CVE-2016-4020
PublicDate: 2016-05-25
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4020
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
http://www.openwall.com/lists/oss-security/2016/04/13/6
http://www.ubuntu.com/usn/usn-2974-1
Description:
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not
initialize the imm32 variable, which allows local guest OS administrators
to obtain sensitive information from host stack memory by accessing the
Task Priority Register (TPR).
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1313686
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821062
Priority: medium
Discovered-by: Donghai Zdh
Assigned-to: mdeslaur
Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (code not present)
trusty_qemu-kvm: DNE
vivid/ubuntu-core_qemu-kvm: DNE
vivid/stable-phone-overlay_qemu-kvm: DNE
wily_qemu-kvm: DNE
xenial_qemu-kvm: DNE
devel_qemu-kvm: DNE
Patches_qemu:
other: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html
upstream_qemu: needed
precise_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.24)
vivid/ubuntu-core_qemu: DNE
vivid/stable-phone-overlay_qemu: DNE
wily_qemu: released (1:2.3+dfsg-5ubuntu9.4)
xenial_qemu: released (1:2.5+dfsg-5ubuntu10.1)
devel_qemu: not-affected (1:2.6+dfsg-3ubuntu1)
|