1. Home
  2. Vulnerabilities
  3. CVE-2019-3016

CVE-2019-3016

CVSS v3.1 4.7 (Medium)
47% Progress
CVSS v2.0 1.9 (Low)
19% Progress
EPSS 0.05 % (20th)
0.05% Progress
Affected Products 1
Advisories 10
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status
PUBLISHED
CNA
Oracle
Published Date
2020-01-31 20:15:11
(4 years ago)
Updated Date
2023-11-07 03:09:46
(10 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 4.16 version cpe:2.3:o:linux:linux_kernel >= 4.16
  Linux Kernel 4.10 cpe:2.3:o:linux:linux_kernel:4.10