CVE-2016-3159

NameCVE-2016-3159
DescriptionThe fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-571-1, DSA-3554-1
Debian Bugs823620

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)buster, buster (security)4.11.4+107-gef32c7afa2-1fixed
bullseye4.14.6-1fixed
bullseye (security)4.14.5+94-ge49571868d-1fixed
bookworm4.17.3+10-g091466ba55-1~deb12u1fixed
trixie4.17.3+10-g091466ba55-1fixed
sid4.17.3+36-g54dacb5c02-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcewheezy4.1.6.lts1-1DLA-571-1
xensourcejessie4.4.1-9+deb8u5DSA-3554-1
xensource(unstable)4.8.0~rc3-1823620

Notes

http://xenbits.xen.org/xsa/advisory-172.html
CVE-2016-3159 is for the code change which is applicable for later
versions only, but which must always be combined with the code change
for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
patches the function fpu_fxrstor.

Search for package or bug name: Reporting problems