Xen 4.x Vulnerability in FPU Handling on AMD64 Processors
CVE-2016-3159
3.8LOW
Summary
The fpu_fxrstor function in Xen 4.x fails to correctly process writes to the hardware FSW.ES bit on AMD64 processors. This oversight enables local users within a guest OS to potentially access sensitive register content from other guests. By exploiting pending exception and mask bits, attackers can gain unauthorized insights, jeopardizing the confidentiality of information across different virtual environments. This vulnerability highlights significant flaws arising from unsuccessful attempts to rectify prior vulnerabilities.
References
CVSS V3.1
Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved