CVE-2016-3158
LOWXen < 4.4.0 - Unauthorized Sensitive Information Exposure via xrstor Function
Title source: llmDescription
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
References (10)
Core 10
Core References
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/85714
Patch x_refsource_confirm
http://xenbits.xen.org/xsa/xsa172-4.3.patch
Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-172.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
Patch x_refsource_confirm
http://xenbits.xen.org/xsa/xsa172.patch
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035435
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX209443
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3554
Scores
CVSS v3
3.8
EPSS
0.0004
EPSS Percentile
10.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-200
CWE-284
Status
published
Products (5)
fedoraproject/fedora
22
fedoraproject/fedora
23
oracle/vm_server
3.3
oracle/vm_server
3.4
xen/xen
< 4.4.0
Published
Apr 13, 2016
Tracked Since
Feb 18, 2026