VYPR
Medium severity6.5NVD Advisory· Published May 25, 2016· Updated Jun 17, 2026

CVE-2016-4020

CVE-2016-4020

Description

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

47

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.