Medium severity6.5NVD Advisory· Published May 25, 2016· Updated Jun 17, 2026
CVE-2016-4020
CVE-2016-4020
Description
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
47cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- osv-coords21 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Tumbleweedpkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/kvm&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/qemu&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 2.6.1-1.5+ 20 more
- (no CPE)range: < 2.6.1-1.5
- (no CPE)range: < 2.6.1-1.5
- (no CPE)range: < 1.4.2-46.1
- (no CPE)range: < 1.4.2-46.1
- (no CPE)range: < 1.4.2-44.1
- (no CPE)range: < 1.4.2-44.1
- (no CPE)range: < 2.0.2-48.19.1
- (no CPE)range: < 2.3.1-14.1
- (no CPE)range: < 2.0.2-48.19.1
- (no CPE)range: < 2.3.1-14.1
- (no CPE)range: < 2.0.2-48.19.1
- (no CPE)range: < 2.3.1-14.1
- (no CPE)range: < 4.5.3_08-17.1
- (no CPE)range: < 4.4.4_07-37.1
- (no CPE)range: < 4.5.3_08-17.1
- (no CPE)range: < 4.4.4_04-22.22.2
- (no CPE)range: < 4.4.4_07-37.1
- (no CPE)range: < 4.4.4_04-22.22.2
- (no CPE)range: < 4.5.3_08-17.1
- (no CPE)range: < 4.4.4_07-37.1
- (no CPE)range: < 4.5.3_08-17.1
Patches
Vulnerability mechanics
References
11- lists.gnu.org/archive/html/qemu-devel/2016-04/msg01106.htmlnvdPatchThird Party Advisory
- lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.htmlnvdPatchThird Party Advisory
- www.securityfocus.com/bid/86067nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2974-1nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:1856nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2392nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2408nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/11/msg00038.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201609-01nvdThird Party Advisory
- git.qemu.orgnvd
News mentions
0No linked articles in our index yet.