Vulnerabilities

CVE-2016-4020

by Fred · 25/05/2016

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Date published : 2016-05-25

http://www.securityfocus.com/bid/86067

http://git.qemu.org/?p=qemu.git;a=commit;h=691a02e2ce0c413236a78dee6f2651c937b09fb0

Similar

Tags: Cybersecurity Alert