Candidate: CVE-2016-3158
PublicDate: 2016-04-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3158
 http://xenbits.xen.org/xsa/advisory-172.html
Description:
 The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly
 handle writes to the hardware FSW.ES bit when running on AMD64 processors,
 which allows local guest OS users to obtain sensitive register content
 information from another guest by leveraging pending exception and mask
 bits.  NOTE: this vulnerability exists because of an incorrect fix for
 CVE-2013-2076.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1564772
 https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1581419
Priority: medium
Discovered-by: Jan Beulich
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N [3.8 LOW]

Patches_xen:
Tags_xen: universe-binary
upstream_xen: needs-triage
precise_xen: released (4.1.6.1-0ubuntu0.12.04.11)
trusty_xen: released (4.4.2-0ubuntu0.14.04.6)
trusty/esm_xen: DNE (trusty was released [4.4.2-0ubuntu0.14.04.6])
vivid/ubuntu-core_xen: DNE
vivid/stable-phone-overlay_xen: DNE
wily_xen: released (4.5.1-0ubuntu1.4)
xenial_xen: released (4.6.0-1ubuntu4.1)
esm-infra/xenial_xen: released (4.6.0-1ubuntu4.1)
devel_xen: released (4.6.0-1ubuntu5)