CVE-2019-3016
kernel: kvm: Information leak within a KVM guest
Public Exploits: 0
Exploited in Wild: -
Descriptions
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to hosts running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors, but Intel CPUs cannot be ruled out.
A flaw was found in the way the Linux kernel's KVM hypervisor handled deferred TLB flush requests from the guest. A race condition may occur between the guest issuing a deferred TLB flush request to KVM, and then KVM handling and acknowledging it. This may result in invalid address translations from the TLB being used to access guest memory, leading to a potential information leakage issue. An attacker may use this flaw to access guest memory locations that it should not have access to.
CVSS Scores
SSVC
- Decision: Track
Timeline
- 2018-12-14 CVE Reserved
- 2020-01-31 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-30 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (14)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html | X_refsource_misc | |
http://www.openwall.com/lists/oss-security/2020/01/30/4 | Mailing List | |
https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com | X_refsource_confirm | |
https://security.netapp.com/advisory/ntap-20200313-0003 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1792167 | 2020-07-21 | |
https://usn.ubuntu.com/4300-1 | 2023-11-07 | |
https://usn.ubuntu.com/4301-1 | 2023-11-07 | |
https://www.debian.org/security/2020/dsa-4699 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2019-3016 | 2020-07-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 4.16 | - | Affected |
Linux | Linux Kernel | 4.10 | - | Affected |