cvedb.io
CVE-2016-4020
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2016-05-25T15:59:04.927 · Last modified 2026-06-17T00:46:44.877

Summary

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Affected products

qemu — qemu

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.