|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Xen: information disclosure during arithmetic operations
Synthesis of the vulnerability
When Xen is installed on AMD processors Family 15 (or greater), an attacker located in a guest system can obtain information during arithmetic operations.
Vulnerable products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity of this weakness: 1/4.
Consequences of an attack: data reading.
Hacker's origin: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 29/03/2016.
Références of this bulletin: CERTFR-2016-AVI-133, CTX209443, CVE-2016-3158, CVE-2016-3159, DLA-571-1, DSA-3554-1, FEDORA-2016-5f196e4e4a, FEDORA-2016-e5432ca977, openSUSE-SU-2016:2494-1, openSUSE-SU-2016:2497-1, SUSE-SU-2016:2093-1, SUSE-SU-2016:2100-1, SUSE-SU-2016:2528-1, SUSE-SU-2016:2533-1, SUSE-SU-2016:2725-1, VIGILANCE-VUL-19248, XSA-172.
Description of the vulnerability
The Floating Point Unit (FPU, x87) is used during floating point arithmetic operations. The FPU contains 3 debug registers: FOP, FIP and FDP. The FSAVE/FSTOR or FXSAVE/FXSTOR instructions save and restore these registers. The support is enabled via the "xsave" option.
The xrstor() function of the xen/arch/x86/i387.c file does not manage the case of AMD processor, which require these registers to be erased, even if FSW.ESis used (to fix VIGILANCE-VUL-12901). So, a guest system can access to the content of the FOP, FIP and FDP registers of another domain.
When Xen is installed on AMD processors Family 15 (or greater), an attacker located in a guest system can therefore obtain information during arithmetic operations.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a networks vulnerabilities announce. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The technology watch team tracks security threats targeting the computer system.