CVE-2019-3887 MEDIUM

CVE-2019-3887

Vendor The Linux Foundation

Product Kernel

Weakness CWE-863 · Incorrect authorization

Published April 9, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Key dates

02Disclosure timeline

April 9, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3887 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

CVE-2019-3887

01Description

02Disclosure timeline

03References

04Related CVE