The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability note CVE-2016-3158 CVE-2016-3159

Xen: information disclosure during arithmetic operations

Synthesis of the vulnerability

When Xen is installed on AMD processors Family 15 (or greater), an attacker located in a guest system can obtain information during arithmetic operations.
Severity of this weakness: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/03/2016.
Références of this bulletin: CERTFR-2016-AVI-133, CTX209443, CVE-2016-3158, CVE-2016-3159, DLA-571-1, DSA-3554-1, FEDORA-2016-5f196e4e4a, FEDORA-2016-e5432ca977, openSUSE-SU-2016:2494-1, openSUSE-SU-2016:2497-1, SUSE-SU-2016:2093-1, SUSE-SU-2016:2100-1, SUSE-SU-2016:2528-1, SUSE-SU-2016:2533-1, SUSE-SU-2016:2725-1, VIGILANCE-VUL-19248, XSA-172.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Floating Point Unit (FPU, x87) is used during floating point arithmetic operations. The FPU contains 3 debug registers: FOP, FIP and FDP. The FSAVE/FSTOR or FXSAVE/FXSTOR instructions save and restore these registers. The support is enabled via the "xsave" option.

The xrstor() function of the xen/arch/x86/i387.c file does not manage the case of AMD processor, which require these registers to be erased, even if FSW.ESis used (to fix VIGILANCE-VUL-12901). So, a guest system can access to the content of the FOP, FIP and FDP registers of another domain.

When Xen is installed on AMD processors Family 15 (or greater), an attacker located in a guest system can therefore obtain information during arithmetic operations.
Full Vigil@nce bulletin... (Free trial)

This cybersecurity vulnerability impacts software or systems such as XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.

Our Vigil@nce team determined that the severity of this vulnerability is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

This bulletin is about 2 vulnerabilities.

An attacker with a expert ability can exploit this weakness alert.

Solutions for this threat

Xen: patch for XSAVE/XRSTOR.
A patch is indicated in information sources.

Citrix XenServer: patch.
A patch is available:
  Citrix XenServer 6.5 SP1: CTX209498 https://support.citrix.com/article/CTX209498
  Citrix XenServer 6.2 SP1: CTX209497 https://support.citrix.com/article/CTX209497
  Citrix XenServer 6.1: CTX209496 https://support.citrix.com/article/CTX209496
  Citrix XenServer 6.0.2: CTX209494 https://support.citrix.com/article/CTX209494
  Citrix XenServer 6.0.2 Common Criteria: CTX209495 https://support.citrix.com/article/CTX209495
  Citrix XenServer 6.0: CTX209493 https://support.citrix.com/article/CTX209493

Debian 7: new xen packages.
New packages are available:
  Debian 7: xen 4.1.6.lts1-1

Debian 8: new xen packages.
New packages are available:
  Debian 8: xen 4.4.1-9+deb8u5

Fedora: new xen packages.
New packages are available:
  Fedora 22: xen 4.5.3-1.fc22
  Fedora 23: xen 4.5.3-1.fc23

openSUSE 13.2: new xen packages.
New packages are available:
  openSUSE 13.2: xen 4.4.4_05-49.1

openSUSE Leap 42.1: new xen packages (12/10/2016).
New packages are available:
  openSUSE Leap 42.1: xen 4.5.3_10-15.2

SUSE LE 11 SP2: new xen packages.
New packages are available:
  SUSE LE 11 SP2: xen 4.1.6_08-29.1

SUSE LE 11 SP3: new xen packages.
New packages are available:
  SUSE LE 11 SP3: xen 4.2.5_21-27.1

SUSE LE 11 SP4: new xen packages (19/08/2016).
New packages are available:
  SUSE LE 11 SP4: xen 4.4.4_07-37.1

SUSE LE 12: new xen packages.
New packages are available:
  SUSE LE 12 RTM: xen 4.4.4_04-22.22.2

SUSE LE 12 SP1: new xen packages (18/08/2016).
New packages are available:
  SUSE LE 12 SP1: xen 4.5.3_08-17.1
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities workaround. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system.