CVE-2016-3158

CWE-200 — Information Exposure CWE-284 — Improper Access Control8 documents7 sources

Severity

3.8LOW

EPSS

0.0%

top 89.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN XEN Fedoraproject Fedora Oracle VM Server

Timeline

PublishedApr 13

Latest updateMay 17

Description

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages3 packages

▶Debianxen< 4.8.0~rc3-1+3

▶NVDxen/xen4.4.0

▶NVDoracle/vm_server3.3, 3.4+1

Also affects: Fedora 22, 23

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-96jh-8f37-hfp8: The xrstor function in arch/x86/xstate↗2022-05-17

▶

OSV

CVE-2016-3158: The xrstor function in arch/x86/xstate↗2016-04-13

▶

CVEList

CVE-2016-3158: The xrstor function in arch/x86/xstate↗2016-04-13

▶

📋Vendor Advisories

Red Hat

xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172)↗2016-03-24

▶

Debian

CVE-2016-3158: xen - The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle wri...↗2016

▶

💬Community

Bugzilla

CVE-2016-3158 CVE-2016-3159 xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172) [fedora-all]↗2016-03-29

▶

Bugzilla

CVE-2016-3158 CVE-2016-3159 xen: AMD FPU FIP/FDP/FOP leak workaround broken (XSA-172)↗2016-03-15

▶