CVE-2016-4020
Severity: 6.5 MEDIUM (CVSS 3.1)
EPSS 0.08%
Description
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
How to fix CVE-2016-4020
To remediate CVE-2016-4020, upgrade the affected package to the fixed version listed below.
- Debian/qemu: upgrade to 1:2.6+dfsg-2 or later
Is CVE-2016-4020 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/qemu: from 0, < 1:2.6+dfsg-2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |