CVE-2019-3016

MEDIUM

Linux Kernel >= 4.16 - Unauthorized Memory Read via PV TLB Race Condition

Title source: llm

Description

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to a host running Linux kernel 4.10 with a guest running Linux kernel 4.16 or later. The problem mainly affects AMD processors, but Intel CPUs cannot be ruled out.

References (13)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/01/30/4
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1792167
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200313-0003/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4300-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4301-1/
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4699

Scores

CVSS v3 6.2
EPSS 0.0061
EPSS Percentile 44.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-200 CWE-362
Status published
Products (2)
linux/linux_kernel 4.10
linux/linux_kernel 4.16
Published Jan 31, 2020
Tracked Since Feb 18, 2026