CVE-2016-3159

Published: Apr 13, 2016Modified: May 6, 2026

3.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 2.0 / Impact: 1.4

Source: NVD

Description

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Affected (9)

Products: Oracle: Vm Server · Xen: Xen · Fedoraproject: Fedora · +1 more

Show all products

Oracle: Vm Server · Xen: Xen · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Vm Server	Version 3.3
Oracle Vm Server	Version 3.4

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	From 4.3.0 to 4.3.4
Xen Xen	From 4.4.0 to 4.4.4
Xen Xen	From 4.5.0 to 4.5.3
Xen Xen	From 4.6.0 to 4.6.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 22
Fedoraproject Fedora	Version 23

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (18)

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://support.citrix.com/article/CTX209443

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2016/dsa-3554

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/85716

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035435

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-172.html

Source: cve@mitre.org

PatchVendor Advisory

http://xenbits.xen.org/xsa/xsa172.patch

Source: cve@mitre.org

PatchVendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://support.citrix.com/article/CTX209443

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2016/dsa-3554

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/85716

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035435

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://xenbits.xen.org/xsa/advisory-172.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://xenbits.xen.org/xsa/xsa172.patch

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.