Published: 31/01/2020 Updated: 07/11/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

It exists that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information (read memory from another guest VM). (CVE-2019-3016)

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 4.10
linux linux kernel

Several security issues were fixed in the Linux kernel ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Securi ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-3016 It was discovered that the KVM implementation for x86 did not always perform TLB flushes when needed, if the paravirtualised TLB flush feature was enabled This could lead to di ...

A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_bufferc in the Linux kernel before 539 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3 (CVE-2019-19061) A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmic in the Linux kernel through 53 ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2019-3016: information leak within a KVM guest   From: John Haxby &lt ...

CWE-362 https://bugzilla.redhat.com/show_bug.cgi?id=1792167 https://git.kernel.org/linus/a6bd811f1209fe1c64c9f6fd578101d6436c6b6e https://git.kernel.org/linus/917248144db5d7320655dbb41d3af0b8a0f3d589 https://git.kernel.org/linus/b043138246a41064527cf019a3d51d9f015e9796 http://www.openwall.com/lists/oss-security/2020/01/30/4 https://git.kernel.org/linus/8c6de56a42e0c657955e12b882a81ef07d1d073e https://git.kernel.org/linus/1eff70a9abd46f175defafd29bc17ad456f398a7 https://security.netapp.com/advisory/ntap-20200313-0003/https://usn.ubuntu.com/4300-1/https://usn.ubuntu.com/4301-1/http://packetstormsecurity.com/files/157233/Kernel-Live-Patch-Security-Notice-LSN-0065-1.html https://www.debian.org/security/2020/dsa-4699 https://lore.kernel.org/lkml/1580407316-11391-1-git-send-email-pbonzini%40redhat.com/https://nvd.nist.gov https://usn.ubuntu.com/4301-1/

CVE-2019-3016

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect