Information disclosure in Xen

#VU32193 Information disclosure in Xen

Cybersecurity Help s.r.o.

Published: 2017-01-26 | Updated: 2020-07-28

Vulnerability identifier: #VU32193

Vulnerability risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9932

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Xen
Server applications / Virtualization software

Vendor: Xen Project

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Xen: 3.3.0 - 3.3.2

External links
http://www.debian.org/security/2017/dsa-3847
http://www.securityfocus.com/bid/94863
http://www.securitytracker.com/id/1037468
http://xenbits.xen.org/xsa/advisory-200.html
http://security.gentoo.org/glsa/201612-56
http://support.citrix.com/article/CTX219378

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Information disclosure in Xen

OpenSUSE Linux update for xen

SUSE Linux update for xen

Information disclosure in xen (Alpine package)