UBUNTU-CVE-2019-3016

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2019-3016

Downstream

LSN-0065-1 USN-4300-1 USN-4301-1

Published: 30 Jan 2020, 18:00

Last modified:04 Feb 2026, 04:15

Vulnerability Summary

Overall Risk (default)

medium

25/100

CVSS Score

6.2 MEDIUM

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

30 Jan 2020, 18:00

Published

Vulnerability first disclosed

04 Feb 2026, 04:15

Last Modified

Vulnerability information updated

Description

In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.

CVSS Metrics

v3.1•MEDIUM•Score: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Systems

ubuntu•linux-aws-5.0
< 5.0.0-1027.30
ubuntu•linux-azure
< 5.0.0-1035.37
ubuntu•linux-azure-5.3
< 5.3.0-1016.17~18.04.1
ubuntu•linux-azure-edge
all
ubuntu•linux-azure-fde
all
ubuntu•linux-gcp
< 5.0.0-1033.34
ubuntu•linux-gcp-5.3
< 5.3.0-1014.15~18.04.1
ubuntu•linux-gcp-edge
all
ubuntu•linux-gke
all
ubuntu•linux-gke-5.0
< 5.0.0-1032.33
ubuntu•linux-gke-5.3
< 5.3.0-1014.15~18.04.1
ubuntu•linux-gkeop
all
ubuntu•linux-gkeop-5.15
all
ubuntu•linux-hwe
< 5.3.0-42.34~18.04.1
ubuntu•linux-hwe-edge
all | all
ubuntu•linux-intel-iot-realtime
all
ubuntu•linux-oem-osp1
< 5.0.0-1043.48
ubuntu•linux-oracle-5.0
< 5.0.0-1013.18
ubuntu•linux-raspi-realtime
all
ubuntu•linux-raspi2
all
ubuntu•linux-raspi2-5.3
< 5.3.0-1019.21~18.04.1
ubuntu•linux-realtime
all
ubuntu•linux-riscv
all | all