|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Xen: information disclosure via HVM CR0.TS/EM
Synthesis of the vulnerability
An attacker can use CR0.TS/EM on Xen x86 HVM, in order to obtain sensitive information on the current system.
Vulnerable systems: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity of this threat: 1/4.
Consequences of a hack: data reading.
Pirate's origin: user shell.
Creation date: 04/10/2016.
Références of this weakness: CERTFR-2016-AVI-328, CTX217363, CVE-2016-7777, DLA-699-1, DSA-3729-1, FEDORA-2016-4c407cd849, FEDORA-2016-689f240960, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, VIGILANCE-VUL-20762, XSA-190.
Description of the vulnerability
The Xen product can manage x86 HVM guest systems.
However, an attacker can raise a Device Not Available Exception while CR0.EM or CR0.TS are set, which can be used to read a register of another task on the same VM.
An attacker can therefore use CR0.TS/EM on Xen x86 HVM, in order to obtain sensitive information on the current system.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides application vulnerability patches. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.