CVE-2016-3159

Name: CVE-2016-3159
Description: The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-571-1, DSA-3554-1
NVD severity: low (attack range: local)
Debian Bugs: 823620

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| xen (PTS) | wheezy | 4.1.4-3+deb7u9 | vulnerable |
| | wheezy (security) | 4.1.6.lts1-9 | fixed |
| | jessie | 4.4.1-9+deb8u9 | fixed |
| | jessie (security) | 4.4.1-9+deb8u10 | fixed |
| | buster, stretch (security), stretch, sid | 4.8.1-1+deb9u3 | fixed |

The information below is based on the following data on fixed versions.

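| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| xen | source | (unstable) | 4.8.0~rc3-1 | low | | 823620 |
| xen | source | jessie | 4.4.1-9+deb8u5 | low | DSA-3554-1 | |
| xen | source | wheezy | 4.1.6.lts1-1 | low | DLA-571-1 | |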

Notes

http://xenbits.xen.org/xsa/advisory-172.html
CVE-2016-3159 is for the code change which is applicable for later
versions only, but which must always be combined with the code change
for CVE-2016-3158. I.e., for the first hunk in xsa172.patch, which
patches the function fpu_fxrstor.
