CVE-2016-3158: Infoleak
First published: Wed Apr 13 2016(Updated: )
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xen XAPI | <=4.4.0 | |
| Fedora | =22 | |
| Fedora | =23 | |
| Oracle VM Server | =3.3 | |
| Oracle VM Server | =3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
- http://support.citrix.com/article/CTX209443
- http://www.debian.org/security/2016/dsa-3554
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/85714
- http://www.securitytracker.com/id/1035435
- http://xenbits.xen.org/xsa/advisory-172.html
- http://xenbits.xen.org/xsa/xsa172-4.3.patch
- http://xenbits.xen.org/xsa/xsa172.patch
Frequently Asked Questions
What is the severity of CVE-2016-3158?
CVE-2016-3158 is considered to have a high severity level due to the potential for sensitive information exposure between guest OS instances.
How do I fix CVE-2016-3158?
To fix CVE-2016-3158, you should update Xen to a version later than 4.4.0 and ensure that your systems are running on patched versions from the relevant vendors.
Who is affected by CVE-2016-3158?
CVE-2016-3158 affects users of Xen 4.x and specific versions of Fedora and Oracle VM Server that are mentioned in the vulnerability identification.
What type of vulnerability is CVE-2016-3158?
CVE-2016-3158 is a local information disclosure vulnerability that can allow guest OS users to access sensitive register information from other guests.
Can CVE-2016-3158 be exploited remotely?
CVE-2016-3158 cannot be exploited remotely as it requires local access to the guest OS to leverage the vulnerability.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/xen
- canonical/xen xapi
- version/xen xapi/4.4.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/22
- version/fedora/23
- vendor/oracle
- canonical/oracle vm server
- version/oracle vm server/3.3
- version/oracle vm server/3.4