CVE-2016-9932
low
CVSS v3
3.3
CVSS v2
2.1
VIR risk
3.3
Description
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
Predictions
Exploit likelihood
34%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-9932
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-9932.html
Vendor advisory: cve@mitre.org — https://support.citrix.com/article/CTX219378
Vendor advisory: cve@mitre.org — http://xenbits.xen.org/xsa/advisory-200.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 4.8.0~rc3-1 |
| debian | bullseye | fixed | 4.8.0~rc3-1 |
| debian | forky | fixed | 4.8.0~rc3-1 |
| debian | sid | fixed | 4.8.0~rc3-1 |
| debian | trixie | fixed | 4.8.0~rc3-1 |
References
- http://www.debian.org/security/2017/dsa-3847
- http://www.securityfocus.com/bid/94863
- http://www.securitytracker.com/id/1037468
- http://xenbits.xen.org/xsa/advisory-200.html
- https://security.gentoo.org/glsa/201612-56
- https://support.citrix.com/article/CTX219378
- https://www.suse.com/security/cve/CVE-2016-9932.html
- https://security-tracker.debian.org/tracker/CVE-2016-9932
CWEs
CWE-200
Verify integrity in audit chain (admin only). AS-IS.