CVE-2016-3158
low-risk
Published 2016-04-13
The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.
Do I need to act?
0.04% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 3.8/10 · Low · LOCAL / LOW complexity
Affected Vendors
References (20)
Third Party Advisory: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html
Third Party Advisory: http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html
Third Party Advisory: http://www.securityfocus.com/bid/85714
Third Party Advisory: http://www.securitytracker.com/id/1035435
Vendor Advisory: http://xenbits.xen.org/xsa/advisory-172.html
26 / 100 · low-risk
Severity: 14/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 12/34 · Low