Published: 07/10/2016 Updated: 01/07/2017

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 6.3 | Impact Score: 5.2 | Exploitability Score: 1

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Xen 4.7.x and previous versions does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xen xen

Multiple vulnerabilities have been discovered in the Xen hypervisor The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-7777 (XSA-190) Jan Beulich from SUSE discovered that Xen does not properly honor CR0TS and CR0EM for x86 HVM guests, potentially allowing guest users to read or modify F ...

Debian Bug report logs - #845670 xen: CVE-2016-9379 CVE-2016-9380: delimiter injection vulnerabilities in pygrub Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 25 Nov 2016 18:57:01 UTC Severity: impo ...

Debian Bug report logs - #845665 xen: CVE-2016-9385: x86 segment base write emulation lacking canonical address checks Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 25 Nov 2016 18:45:01 UTC Severity ...

Debian Bug report logs - #845668 xen: CVE-2016-9383: x86 64-bit bit test instruction emulation broken Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 25 Nov 2016 18:51:02 UTC Severity: important Tags: ...

Debian Bug report logs - #845664 xen: CVE-2016-9382: x86 task switch to VM86 mode mis-handled Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 25 Nov 2016 18:39:04 UTC Severity: important Tags: patch, ...

Debian Bug report logs - #845663 xen: CVE-2016-9386: x86 null segments not always treated as unusable Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 25 Nov 2016 18:39:01 UTC Severity: important Tags: ...

Xen 47x and earlier does not properly honor CR0TS and CR0EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it ...

Description of Problem A security vulnerability has been identified in Citrix XenServer that may allow malicious user code within an HVM guest VM to read or modify the contents of certain registers belonging to other tasks within that same guest VM This vulnerability affects all currently supported versions of Citrix XenServer up to and including ...

CWE-362 http://www.securityfocus.com/bid/93344 http://www.securitytracker.com/id/1036942 http://xenbits.xen.org/xsa/advisory-190.html https://support.citrix.com/article/CTX217363 https://security.gentoo.org/glsa/201611-09 https://nvd.nist.gov https://www.debian.org/security/./dsa-3729

Get Started

CVE-2016-7777

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect