Uninitialized Variable in QEMU's patch_instruction Function Allows Information Disclosure

Uninitialized Variable in QEMU's patch_instruction Function Allows Information Disclosure

CVE-2016-4020 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).

Learn more about our Api Penetration Testing.