CVE-2016-3159

EUVD-2016-4211
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.8 LOW
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
oraclevm_server
3.3
oraclevm_server
3.4
xenxen
4.3.0 ≤
𝑥
≤ 4.3.4
xenxen
4.4.0 ≤
𝑥
≤ 4.4.4
xenxen
4.5.0 ≤
𝑥
≤ 4.5.3
xenxen
4.6.0 ≤
𝑥
≤ 4.6.1
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
precise
Fixed 4.1.6.1-0ubuntu0.12.04.11
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.6
released
wily
Fixed 4.5.1-0ubuntu1.4
released
xenial
Fixed 4.6.0-1ubuntu4.1
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/85716
http://www.securitytracker.com/id/1035435
http://xenbits.xen.org/xsa/advisory-172.html
http://xenbits.xen.org/xsa/xsa172.patch
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/85716
http://www.securitytracker.com/id/1035435
http://xenbits.xen.org/xsa/advisory-172.html
http://xenbits.xen.org/xsa/xsa172.patch