Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-3158

Опубликовано: 13 апр. 2016
Источник: nvd
CVSS3: 3.8
CVSS2: 1.7
EPSS Низкий

Описание

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Версия до 4.4.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 10%
0.00036
Низкий

3.8 Low

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2016-3158

CVSS3: 3.8
ubuntu
почти 10 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

redhat логотип

CVE-2016-3158

redhat
почти 10 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

debian логотип

CVE-2016-3158

CVSS3: 3.8
debian
почти 10 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...

github логотип

GHSA-96jh-8f37-hfp8

CVSS3: 3.8
github
больше 3 лет назад

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

fstec логотип

BDU:2016-01040

fstec
почти 10 лет назад

Уязвимость гипервизора Xen, позволяющая нарушителю получить доступ к защищаемой информации содержимого регистра

EPSS

Процентиль: 10%
0.00036
Низкий

3.8 Low

CVSS3

1.7 Low

CVSS2

Дефекты

CWE-200