CVE-2019-3887
Severity
5.6MEDIUM
EPSS
0.0%
top 89.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 9
Latest updateMay 13
Description
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.1 | Impact: 4.0
Affected Packages3 packages
Also affects: Fedora 29, Ubuntu Linux 18.04, 18.10, 19.04, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-j2cm-6mgm-v7v4: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled↗2022-05-13
OSV▶
CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled↗2019-04-09
CVEList▶
CVE-2019-3887: A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled↗2019-04-09
📋Vendor Advisories
6Microsoft▶
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that L1 guest could access L0's APIC register values via L2↗2019-04-09