4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
17.2%
In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel
may be able to read memory locations from another process in the same
guest. This problem is limit to the host running linux kernel 4.10 with a
guest running linux kernel 4.16 or later. The problem mainly affects AMD
processors but Intel CPUs cannot be ruled out.
Author | Note |
---|---|
tyhicks | This issue does not affect default installations of Ubuntu as the paravirtual TLB flush feature in KVM is not enabled by default. The QEMU CPU feature “kvm-pv-tlb-flush” is used to enable paravirtual TLB flush. |
cascardo | It is thought that issue does not affect Intel processors not supporting Process-Context Identifiers (PCIDs). You can check support for PCIDs on systems with Intel processors by running “grep pcid /proc/cpuinfo” and verifying that “pcid” shows as one of the flags. it was mentioned that it was only easily reproducible on AMD CPUs. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 19.10 | noarch | linux | < 5.3.0-42.34 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-aws | < 5.3.0-1013.14 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.0 | < 5.0.0-1027.30 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 5.0.0-1033.34 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-gcp | < 5.3.0-1014.15 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp-5.3 | < 5.3.0-1014.15~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gke-5.3 | < 5.3.0-1014.15~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1035.37 | UNKNOWN |
ubuntu | 19.10 | noarch | linux-azure | < 5.3.0-1016.17 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.3 | < 5.3.0-1016.17~18.04.1 | UNKNOWN |
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
17.2%