Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-3158

Опубликовано: 13 апр. 2016
Источник: debian

Описание

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
xenfixed4.8.0~rc3-1package

Примечания

  • http://xenbits.xen.org/xsa/advisory-172.html

  • CVE-2016-3158 is for the code change which is required for all

  • versions (but which is sufficient only on Xen 4.3.x, and insufficient

  • on later versions). Ie for the second hunk in xsa172.patch (the only

  • hunk in xsa172-4.3.patch), which patches the function xrstor.

Связанные уязвимости

ubuntu логотип

CVE-2016-3158

CVSS3: 3.8
ubuntu
почти 10 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

redhat логотип

CVE-2016-3158

redhat
почти 10 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

nvd логотип

CVE-2016-3158

CVSS3: 3.8
nvd
почти 10 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

github логотип

GHSA-96jh-8f37-hfp8

CVSS3: 3.8
github
больше 3 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

fstec логотип

BDU:2016-01040

fstec
почти 10 лет назад

Уязвимость гипервизора Xen, позволяющая нарушителю получить доступ к защищаемой информации содержимого регистра