CVE-2016-7777

Sažetak

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.

Reference

http://www.securityfocus.com/bid/93344
http://www.securitytracker.com/id/1036942
http://xenbits.xen.org/xsa/advisory-190.html
https://security.gentoo.org/glsa/201611-09
https://support.citrix.com/article/CTX217363

CVSS

Base:	3.3
Impact:	4.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

01-07-2017 - 01:30

Objavljeno

07-10-2016 - 14:59