Wind River Support Network

HomeDefectsLIN6-11349

Fixed

LIN6-11349 : Security Advisory - qemu - CVE-2016-4020

Created: May 31, 2016 Updated: Dec 3, 2018

Resolved Date: Jun 19, 2016

Found In Version: 6.0.0.29

Fix Version: 6.0.0.30

Severity: Standard

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4020

Other Downloads

Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38