ByteOS Network

NVD Vulnerability Details :

CVE-2016-3159

Deferred

Source-cve@mitre.org

Published At-13 Apr, 2016 | 16:59

Updated At-12 Apr, 2025 | 10:46

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	3.8	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary	2.0	1.7	LOW	AV:L/AC:L/Au:S/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 3.8

Base severity: LOW

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 1.7

Base severity: LOW

Vector:

AV:L/AC:L/Au:S/C:P/I:N/A:N

CPE Matches

Oracle Corporation

>>vm_server>>3.3

cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*

Oracle Corporation

>>vm_server>>3.4

cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*

Xen Project

>>xen>>Versions from 4.3.0(inclusive) to 4.3.4(inclusive)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Xen Project

>>xen>>Versions from 4.4.0(inclusive) to 4.4.4(inclusive)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Xen Project

>>xen>>Versions from 4.5.0(inclusive) to 4.5.3(inclusive)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Xen Project

>>xen>>Versions from 4.6.0(inclusive) to 4.6.1(inclusive)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Fedora Project

>>fedora>>22

cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*

Fedora Project

>>fedora>>23

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>8.0

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov
CWE-284	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-284

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html	cve@mitre.org	Mailing List Third Party Advisory
http://support.citrix.com/article/CTX209443	cve@mitre.org	Third Party Advisory
http://www.debian.org/security/2016/dsa-3554	cve@mitre.org	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	cve@mitre.org	Third Party Advisory
http://www.securityfocus.com/bid/85716	cve@mitre.org	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1035435	cve@mitre.org	Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-172.html	cve@mitre.org	Patch Vendor Advisory
http://xenbits.xen.org/xsa/xsa172.patch	cve@mitre.org	Patch Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://support.citrix.com/article/CTX209443	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.debian.org/security/2016/dsa-3554	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
http://www.securityfocus.com/bid/85716	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1035435	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://xenbits.xen.org/xsa/advisory-172.html	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://xenbits.xen.org/xsa/xsa172.patch	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory