CVE-2019-3887

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3887

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3887.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3887

Downstream

DEBIAN-CVE-2019-3887

RHSA-2019:2703

RHSA-2019:2741

UBUNTU-CVE-2019-3887

USN-3980-2

openSUSE-SU-2024:10728-1

openSUSE-SU-2024:13704-1

Related

Published

2019-04-09T16:29:01Z

Modified

2025-08-09T19:01:28Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

References

Affected packages