| Name | CVE-2016-3159 |
| Description | The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-571-1, DSA-3554-1 |
| Debian Bugs | 823620 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| xen (PTS) | jessie, jessie (lts) | 4.4.4lts5-0+deb8u1 | fixed |
| stretch (security), stretch (lts), stretch | 4.8.5.final+shim4.10.4-1+deb9u12 | fixed |
| buster (security), buster, buster (lts) | 4.11.4+107-gef32c7afa2-1 | fixed |
| bullseye | 4.14.6-1 | fixed |
| bullseye (security) | 4.14.5+94-ge49571868d-1 | fixed |
| bookworm | 4.17.3+10-g091466ba55-1~deb12u1 | fixed |
| sid, trixie | 4.17.3+36-g54dacb5c02-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
http://xenbits.xen.org/xsa/advisory-172.html
CVE-2016-3159 is for the code change which is applicable for later
versions only, but which must always be combined with the code change
for CVE-2016-3158. Ie for the first hunk in xsa172.patch, which
patches the function fpu_fxrstor.