Vulnerability CVE-2019-3887: Information

Description

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Severity: MEDIUM (5.6) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-3887
Published: April 9, 2019
Modified: Feb. 13, 2023
Error type identifier: CWE-863

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-std-debugsisyphus4.19.35-alt16.1.91-alt1ALT-PU-2019-1663-1227268Fixed
kernel-image-std-debugc9f24.19.35-alt14.19.102-alt1ALT-PU-2019-1663-1227268Fixed
kernel-image-std-defsisyphus4.19.35-alt16.1.91-alt1ALT-PU-2019-1666-1227269Fixed
kernel-image-std-defp104.19.35-alt15.10.216-alt1ALT-PU-2019-1666-1227269Fixed
kernel-image-std-defp94.19.35-alt15.4.275-alt1ALT-PU-2019-1666-1227269Fixed
kernel-image-std-defc9f24.19.35-alt15.10.214-alt0.c9f.2ALT-PU-2019-1666-1227269Fixed
kernel-image-std-paec9f24.19.35-alt14.19.72-alt1ALT-PU-2019-1664-1227288Fixed
kernel-image-un-defsisyphus5.0.8-alt16.6.31-alt1ALT-PU-2019-1665-1227290Fixed
kernel-image-un-defp105.0.8-alt16.1.85-alt1ALT-PU-2019-1665-1227290Fixed
kernel-image-un-defp95.0.8-alt15.10.216-alt2ALT-PU-2019-1665-1227290Fixed
kernel-image-un-defp84.19.35-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2019-1687-1227291Fixed
kernel-image-un-defc10f15.0.8-alt16.1.85-alt0.c10f.1ALT-PU-2019-1665-1227290Fixed
kernel-image-un-defc9f25.0.8-alt15.10.29-alt2ALT-PU-2019-1665-1227290Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887
  • Issue Tracking
  • Patch
  • Third Party Advisory
107850
  • Third Party Advisory
  • VDB Entry
USN-3980-1
  • Third Party Advisory
USN-3979-1
  • Third Party Advisory
USN-3980-2
  • Third Party Advisory
RHSA-2019:2703
  • Third Party Advisory
RHSA-2019:2741
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/

      1. Configuration 1

        cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
        Start including
        4.16

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
        cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
        cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

        Configuration 4

        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.4:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.4:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
        cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top