Vulnerability Details : CVE-2016-3158
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
Vulnerability category: Bypass, Gain privilege, Information leak
Products affected by CVE-2016-3158
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3158
- 0.13%: Probability of exploitation activity in the next 30 days
- ~49%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3158
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.7 | LOW | AV:L/AC:L/Au:S/C:P/I:N/A:N | 3.1 | 2.9 | NIST | |
3.8 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 2.0 | 1.4 | NIST | |
CWE ids for CVE-2016-3158
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3158
- http://xenbits.xen.org/xsa/advisory-172.html
  XSA-172 - Xen Security Advisories (Vendor Advisory)
- http://support.citrix.com/article/CTX209443
  Citrix XenServer Multiple Security Updates
- http://www.debian.org/security/2016/dsa-3554
  Debian -- Security Information -- DSA-3554-1 xen
- http://www.securitytracker.com/id/1035435
  Xen Lets Local Users on a Guest System Obtain Register Contents from the Target Guest System - SecurityTracker (Third Party Advisory; VDB Entry)
- http://xenbits.xen.org/xsa/xsa172.patch
  Patch
- http://xenbits.xen.org/xsa/xsa172-4.3.patch
  Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
  [SECURITY] Fedora 22 Update: xen-4.5.3-1.fc22 (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016 (Vendor Advisory)
- http://www.securityfocus.com/bid/85714
  Xen CVE-2016-3158 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
  [SECURITY] Fedora 23 Update: xen-4.5.3-1.fc23 (Third Party Advisory)