FreeBSD : xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override (80a897a2-c1a6-11e6-ae1b-002590263bf5)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

The x86 instruction CMPXCHG8B is supposed to ignore legacy operand
size overrides; it only honors the REX.W override (making it
CMPXCHG16B). So, the operand size is always 8 or 16. When support for
CMPXCHG16B emulation was added to the instruction emulator, this
restriction on the set of possible operand sizes was relied on in some
parts of the emulation; but a wrong, fully general, operand size value
was used for other parts of the emulation. As a result, if a guest
uses a supposedly-ignored operand size prefix, a small amount of
hypervisor stack data is leaked to the guests: a 96 bit leak to guests
running in 64-bit mode; or, a 32 bit leak to other guests.

A malicious unprivileged guest may be able to obtain sensitive
information from the host.

See also :

http://xenbits.xen.org/xsa/advisory-200.html
http://www.nessus.org/u?4263510a

Solution :

Update the affected package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95787

Bugtraq ID:

CVE ID: CVE-2016-9932
