« List of all CVEs

CVE-2016-4020

Published: 5/25/2016 Last updated: 8/6/2024 Reserved: 4/14/2016

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (1)

Product Vendor Version
n/a n/a < 15.2

References (22)