CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.8 LOW
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
xenxen
𝑥
≤ 4.4.0
oraclevm_server
3.3
oraclevm_server
3.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
xenial
Fixed 4.6.0-1ubuntu4.1
released
wily
Fixed 4.5.1-0ubuntu1.4
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.6
released
precise
Fixed 4.1.6.1-0ubuntu0.12.04.11
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/85714
http://www.securitytracker.com/id/1035435
http://xenbits.xen.org/xsa/advisory-172.html
http://xenbits.xen.org/xsa/xsa172-4.3.patch
http://xenbits.xen.org/xsa/xsa172.patch
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/85714
http://www.securitytracker.com/id/1035435
http://xenbits.xen.org/xsa/advisory-172.html
http://xenbits.xen.org/xsa/xsa172-4.3.patch
http://xenbits.xen.org/xsa/xsa172.patch