Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24362
HistoryApr 10, 2020 - 12:53 a.m.

Information Disclosure

2020-04-1000:53:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

kvm is vulnerable to information disclosure. The vulnerability exists as a data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM was not initialized properly before being copied to user-space. A privileged host user with access to “/dev/kvm” could use this flaw to leak kernel stack memory to user-space.

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

Related for VERACODE:24362