CVE-2016-3158 — LOW (3.8) — White Hats Nepal

Q: How severe is CVE-2016-3158?

CVE-2016-3158 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-3158?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora, Oracle Vm Server.

Vulnerability Description

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

CVSS Score

3.8

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xen	Xen	<= 4.4.0
Fedoraproject	Fedora	22
Oracle	Vm Server	3.3

Related Weaknesses (CWE)

CWE-284 CWE-200

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.htmlThird Party Advisory
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmVendor Advisory
http://www.securityfocus.com/bid/85714Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1035435Third Party AdvisoryVDB Entry
http://xenbits.xen.org/xsa/advisory-172.htmlVendor Advisory
http://xenbits.xen.org/xsa/xsa172-4.3.patchPatch
http://xenbits.xen.org/xsa/xsa172.patchPatch
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.htmlThird Party Advisory
http://support.citrix.com/article/CTX209443
http://www.debian.org/security/2016/dsa-3554
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmVendor Advisory

FAQ

What is CVE-2016-3158?

CVE-2016-3158 is a vulnerability with a CVSS score of 3.8 (LOW). The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive r...

How severe is CVE-2016-3158?

CVE-2016-3158 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3158?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora, Oracle Vm Server.