Vulnerability Details : CVE-2016-3159
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
Vulnerability category: BypassGain privilegeInformation leak
Products affected by CVE-2016-3159
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3159
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3159
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.7
|
LOW | AV:L/AC:L/Au:S/C:P/I:N/A:N |
3.1
|
2.9
|
NIST | |
3.8
|
LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N |
2.0
|
1.4
|
NIST |
CWE ids for CVE-2016-3159
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3159
-
http://xenbits.xen.org/xsa/advisory-172.html
XSA-172 - Xen Security AdvisoriesPatch;Vendor Advisory
-
http://support.citrix.com/article/CTX209443
Citrix XenServer Multiple Security UpdatesThird Party Advisory
-
http://www.debian.org/security/2016/dsa-3554
Debian -- Security Information -- DSA-3554-1 xenThird Party Advisory
-
http://www.securitytracker.com/id/1035435
Xen Lets Local Users on a Guest System Obtain Register Contents from the Target Guest System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://xenbits.xen.org/xsa/xsa172.patch
Patch;Vendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
[SECURITY] Fedora 22 Update: xen-4.5.3-1.fc22Mailing List;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
[SECURITY] Fedora 23 Update: xen-4.5.3-1.fc23Mailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/85716
Xen CVE-2016-3159 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
Jump to