CVE-2019-3887

Published: Apr 9, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0: 6.7 (MEDIUM)

Description

A flaw was found in the way the KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled: an L1 guest could access L0's APIC register values via an L2 guest when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel, resulting in a DoS. Kernel versions 4.16 and newer are vulnerable to this issue.

Vendor: The Linux Foundation

Product: Kernel

Versions: affected from 4.16

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

Attack Vector: Local

Attack Complexity: High

Privileges Required: High

User Interaction: None

Scope: Changed

Confidentiality: Low

Integrity: Low

Availability: High

References

107850 (vdb-entry)
FEDORA-2019-94dc902948 (vendor-advisory)
USN-3980-1 (vendor-advisory)
USN-3979-1 (vendor-advisory)
USN-3980-2 (vendor-advisory)
RHSA-2019:2703 (vendor-advisory)
RHSA-2019:2741 (vendor-advisory)
