CVE-2016-3159

NameCVE-2016-3159
DescriptionThe fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-571-1, DSA-3554-1
NVD severitylow
Debian Bugs823620

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster, buster (security)4.11.4+107-gef32c7afa2-1fixed
bullseye (security), bullseye4.14.3-1~deb11u1fixed
bookworm, sid4.14.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcewheezy4.1.6.lts1-1DLA-571-1
xensourcejessie4.4.1-9+deb8u5DSA-3554-1
xensource(unstable)4.8.0~rc3-1823620

Notes

http://xenbits.xen.org/xsa/advisory-172.html
CVE-2016-3159 is for the code change which is applicable for later
versions only, but which must always be combined with the code change
for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
patches the function fpu_fxrstor.

Search for package or bug name: Reporting problems