DEBIAN-CVE-2016-3158

DEBIAN-CVE-2016-3158 PUBLISHED CVSS 3.799999952316284 LOW

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Risk Scores

CVSS v3.0

3.799999952316284

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:12	xen	0, 0, 0
Debian:11	xen	0, 0, 0

Timeline

Apr 13, 2016 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2016-3158 advisory

Open in Interactive Console →