Information disclosure in xen (Alpine package)

1) Information disclosure

EUVDB-ID: #VU32301

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-3158

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Mitigation

Install update from vendor's website.

Vulnerable software versions

xen (Alpine package): 4.3.4-r2

IBM Systems Director: before 6.3.2.2

xen (Alpine package): before 1.2.5ubuntu1daily13.06.14-0ubuntu1

CPE2.3

• cpe:2.3:o:alpine:xen_alpine_package:4.3.4-r2:*:*:*:*:alpine_linux:*:2.7
• cpe:2.3:a:ibm_corporation:ibm_systems_director:*:*:*:*:*:*:*:*
• cpe:2.3:o:alpine:xen_alpine_package:*:*:*:*:*:alpine_linux:*:*

External links

https://git.alpinelinux.org/aports/commit/?id=08e33d0f02c353d47b25b57f4f56a6ba9918fe32
https://git.alpinelinux.org/aports/commit/?id=6ee4459a5f8f1757470b868e4874677e31fbb3fd
https://git.alpinelinux.org/aports/commit/?id=2e04022d1a3fe8b9e3ff2e830cfeca39b4b610aa
https://git.alpinelinux.org/aports/commit/?id=bc2fd89aabfb7b623b4c283950bb456c6724a931
https://git.alpinelinux.org/aports/commit/?id=40a3ee6c24583c262a4a8390459526dc40832862

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.