Low severity3.8NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026

CVE-2016-3159

Description

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Affected products

Oracle Corporation/Vm Server2 versions
cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
Xen/Xen
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Range: >=4.3.0,<=4.3.4
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xenbits.xen.org/xsa/advisory-172.htmlnvdPatchVendor Advisory
xenbits.xen.org/xsa/xsa172.patchnvdPatchVendor Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-April/181699.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2016-April/181729.htmlnvdMailing ListThird Party Advisory
support.citrix.com/article/CTX209443nvdThird Party Advisory
www.debian.org/security/2016/dsa-3554nvdThird Party Advisory
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvdThird Party Advisory
www.securityfocus.com/bid/85716nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1035435nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.247
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000