PT-2020-1636 · Linux+4 · Linux Kernel+4

Boris Ostrovsky

·

Published

2020-01-30

·

Updated

2024-06-15

·

CVE-2019-3016

CVSS v3.1

6.2

Medium

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions 4.10 (host) with 4.16 or later (guest)
Description The issue is related to the Kernel-based Virtual Machine (KVM) subsystem in Linux, specifically with simultaneous execution using a shared resource with incorrect synchronization. This allows an attacker to access confidential data. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.
Recommendations For Linux kernel version 4.10 (host) with 4.16 or later (guest), consider disabling PV TLB in the guest kernel as a temporary workaround until a patch is available. Restrict access to sensitive data in the guest kernel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-362

Related Identifiers

ALT-PU-2020-1204
ALT-PU-2020-1219
ALT-PU-2020-1398
ALT-PU-2020-1501
ALT-PU-2020-1524
ALT-PU-2020-1945
ALT-PU-2020-3057
ALT-PU-2021-1745
AZL-34852
AZL-6519
BDU:2020-00851
CESA-2020_3010
CESA-2020_3016
CVE-2019-3016
DSA-4699-1
LSN-0065-1
MGASA-2020-0073
MGASA-2020-0089
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2020:3010
RHSA-2020:3016
RHSA-2020_3010
RHSA-2020_3016
USN-4300-1
USN-4301-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Ubuntu