Vulnerability Description
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.7.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93344Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036942Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-190.htmlMitigationPatchVendor Advisory
- https://security.gentoo.org/glsa/201611-09
- https://support.citrix.com/article/CTX217363
- http://www.securityfocus.com/bid/93344Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1036942Third Party AdvisoryVDB Entry
- http://xenbits.xen.org/xsa/advisory-190.htmlMitigationPatchVendor Advisory
- https://security.gentoo.org/glsa/201611-09
- https://support.citrix.com/article/CTX217363
FAQ
What is CVE-2016-7777?
CVE-2016-7777 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on...
How severe is CVE-2016-7777?
CVE-2016-7777 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-7777?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.