CVE-2016-3158
Published on: 04/13/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:02 PM UTC
Certain versions of Fedora from Fedoraproject contain the following vulnerability:
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
- CVE-2016-3158 has been assigned by [email protected] to track the vulnerability - currently rated as LOW severity.
CVSS3 Score: 3.8 - LOW
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | LOW | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
CHANGED | LOW | NONE | NONE |
CVSS2 Score: 1.7 - LOW
Access Vector | Access Complexity | Authentication |
---|---|---|
LOCAL | LOW | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | NONE | NONE |
CVE References
Description | Tags | Link |
---|---|---|
[SECURITY] Fedora 23 Update: xen-4.5.3-1.fc23 | Third Party Advisory | lists.fedoraproject.org text/html |
XSA-172 - Xen Security Advisories | Vendor Advisory | xenbits.xen.org text/html |
[SECURITY] Fedora 22 Update: xen-4.5.3-1.fc22 | Third Party Advisory | lists.fedoraproject.org text/html |
Xen CVE-2016-3158 Information Disclosure Vulnerability | Third Party Advisory, VDB Entry | cve.report (archive) text/html |
 | Patch | xenbits.xen.org text/x-diff |
Oracle VM Server for x86 Bulletin - July 2016 | Vendor Advisory | web.archive.org text/html (inactive link, not archived) |
Citrix XenServer Multiple Security Updates | | support.citrix.com text/html |
 | Patch | xenbits.xen.org text/x-diff |
Debian -- Security Information -- DSA-3554-1 xen | | www.debian.org text/html (deprecated link) |
Xen Lets Local Users on a Guest System Obtain Register Contents from the Target Guest System - SecurityTracker | Third Party Advisory, VDB Entry | www.securitytracker.com text/html |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Fedoraproject | Fedora | 22 | All | All | All |
Operating System | Fedoraproject | Fedora | 23 | All | All | All |
Operating System | Oracle | VM Server | 3.3 | All | All | All |
Operating System | Oracle | VM Server | 3.4 | All | All | All |
Operating System | Xen | Xen | All | All | All | All |
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE