« List of all CVEs

CVE-2019-3016

Published: 1/31/2020 Last updated: 9/30/2024 Reserved: 12/14/2018

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.

CNA assigner: oracle (43595867-4340-4103-b7a2-9a5208d29a85) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 6.2 Medium CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product Vendor Version
linux_kernel linux Snapdragon 8+ Gen 2 Mobile Platform

References (26)