CVE-2019-3016 — Sensitive Information Exposure in Linux
Severity
4.7MEDIUMNVD
OSV7.5OSV6.2OSV4.6
EPSS
0.1%
top 80.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedJan 31
Latest updateMay 24
Description
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6
Affected Packages29 packages
Patches
🔴Vulnerability Details
11GHSA▶
GHSA-g7mw-cr59-r458: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same gues↗2022-05-24
OSV
▶
OSV▶
linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3, linux-azure, linux-azure-5.3 vulnerabilities↗2020-03-25
OSV▶
CVE-2019-3016: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same gues↗2020-01-31
📋Vendor Advisories
6Microsoft▶
In a Linux KVM guest that has PV TLB enabled a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux ↗2020-01-14