PT-2019-2980 · Linux+4 · Linux Kernel+4

Marc Orr · Published 2019-04-05 · Updated 2024-06-15 · CVE-2019-3887

CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions
Linux Kernel versions 4.16 and newer

Description
The issue is related to a flaw in the KVM hypervisor's handling of x2APIC Machine Specific Register (MSR) access with nested virtualization enabled, allowing a guest to potentially access the host's APIC register values and crash the host kernel, resulting in a denial of service.

Recommendations
For Linux Kernel versions 4.16 and newer, update to a version that includes a fix for this issue to prevent potential denial of service attacks.

Fix · DoS · Incorrect Authorization · RCE · Improper Access Control


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1663
ALT-PU-2019-1664
ALT-PU-2019-1665
ALT-PU-2019-1666
AZL-34854
AZL-6521
BDU:2019-02958
CESA-2019_2703
CESA-2019_2741
CVE-2019-3887
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2019:2703
RHSA-2019:2741
RHSA-2019_2703
RHSA-2019_2741
USN-3979-1
USN-3980-1
USN-3980-2

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
Ubuntu