Candidate: CVE-2016-7777
PublicDate: 2016-10-07 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7777
 http://xenbits.xen.org/xsa/advisory-190.html
Description:
 Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which
 allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM
 register state information belonging to arbitrary tasks on the guest by
 modifying an instruction while the hypervisor is preparing to emulate it.
Ubuntu-Description:
Notes:
 sbeattie> The vulnerability is only exposed to x86 HVM guests.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N [6.3 MEDIUM]

Patches_xen:
Tags_xen: universe-binary
upstream_xen: needs-triage
precise_xen: released (4.1.6.1-0ubuntu0.12.04.12)
trusty_xen: released (4.4.2-0ubuntu0.14.04.7)
trusty/esm_xen: DNE (trusty was released [4.4.2-0ubuntu0.14.04.7])
vivid/ubuntu-core_xen: DNE
vivid/stable-phone-overlay_xen: DNE
xenial_xen: released (4.6.0-1ubuntu4.2)
esm-infra/xenial_xen: released (4.6.0-1ubuntu4.2)
devel_xen: released (4.7.0-0ubuntu2)