Vulnerability Change Records for CVE-2016-4020

Change History

CVE Translated 5/29/2016 2:45:00 AM

Action Type Old Value New Value
Added Translation

								
							
							
						
La función patch_instruction en hw/i386/kvmvapic.c en QEMU no inicializa la variable imm32, lo que permite a administradores locales del SO invitado obtener información sensible de la memoria de pila del anfitrión accediendo al Task Priority Register (TPR).
Removed Translation
La función patch_instruction en hw/i386/kvmvapic.c en QEMU no inicializa la variable imm32, lo que permite a administradores locales del SO invitado obtener información sensible de la memoria de pila del anfitrión accediendo a Task Priorty Register (TPR).

								
						

CPE Deprecation Remap 8/04/2021 1:15:24 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:redhat:openstack:11.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*

CVE Modified by Source 5/28/2016 9:59:01 PM

Action Type Old Value New Value
Changed Description
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priorty Register (TPR).
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

CPE Deprecation Remap 8/04/2021 1:15:17 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:redhat:openstack:8.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*

CVE Modified by Source 6/20/2016 9:59:46 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2974-1

CVE Modified by Red Hat, Inc. 1/04/2018 9:30:44 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2017:1856 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2017:2392 [No Types Assigned]
Added Reference

								
							
							
						
https://access.redhat.com/errata/RHSA-2017:2408 [No Types Assigned]

CVE Modified by Red Hat, Inc. 11/28/2016 3:14:34 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/86067 [No Types Assigned]

Modified Analysis 5/25/2016 2:40:00 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Added CVSS V3

								
							
							
						
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Added CWE

								
							
							
						
CWE-200
Changed Reference Type
http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0 No Types Assigned
http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0 Advisory
Changed Reference Type
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html No Types Assigned
https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.html Advisory

CPE Deprecation Remap 8/04/2021 1:15:35 PM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:redhat:openstack:9.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*

CVE Modified by Red Hat, Inc. 12/01/2018 6:29:03 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2018/11/msg00038.html [No Types Assigned]

CVE Modified by Red Hat, Inc. 6/30/2017 9:29:44 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201609-01 [No Types Assigned]

Modified Analysis 6/21/2016 5:39:33 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
Configuration 1
     OR
          *cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

Initial CVE Analysis 5/25/2016 2:18:38 PM

Action Type Old Value New Value