CVE-2013-2076 — Sensitive Information Exposure in XEN

CWE-200 — Sensitive Information Exposure17 documents6 sources

Severity

4.3MEDIUMNVD

NVD3.8OSV2.1

EPSS

0.1%

top 74.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +2 more

Timeline

PublishedAug 28

Latest updateMay 17

Description

Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which can be leveraged to obtain sensitive information such as cryptographic keys, a similar vulnerability to CVE-2006-1056. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processor…

CVSS vector

AV:A/AC:H/C:C/I:N/A:NExploitability: 2.5 | Impact: 6.9

Affected Packages4 packages

▶debiandebian/xen< xen 4.8.0~rc3-1 (bookworm)+1

▶Debianxen/xen< 4.8.0~rc3-1+7

▶NVDxen/xen4.3.0 — 4.3.4+18

▶NVDoracle/vm_server3.3, 3.4+1

Also affects: Debian Linux 8.0, Fedora 22, 23

🔴Vulnerability Details

GHSA

GHSA-86c3-896f-hgp9: Xen 4↗2022-05-17

▶

GHSA

GHSA-96jh-8f37-hfp8: The xrstor function in arch/x86/xstate↗2022-05-17

▶

GHSA

GHSA-h55q-7cr6-wwr6: The fpu_fxrstor function in arch/x86/i387↗2022-05-14

▶

OSV

CVE-2016-3159: The fpu_fxrstor function in arch/x86/i387↗2016-04-13

▶

OSV

CVE-2016-3158: The xrstor function in arch/x86/xstate↗2016-04-13

▶

📋Vendor Advisories

Red Hat

xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172)↗2016-03-24

▶

Red Hat

xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172)↗2016-03-24

▶

Debian

CVE-2016-3158: xen - The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle wri...↗2016

▶

Debian

CVE-2016-3159: xen - The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle ...↗2016

▶

Red Hat

kernel: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs↗2013-06-03

▶

💬Community

Bugzilla

CVE-2013-2076 kernel: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs [fedora-all]↗2013-06-03

▶

Bugzilla

CVE-2013-2076 kernel: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs↗2013-05-17

▶