This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
The Xen Project reports :
The x86 instruction CMPXCHG8B is supposed to ignore legacy operand
size overrides; it only honors the REX.W override (making it
CMPXCHG16B). So, the operand size is always 8 or 16. When support for
CMPXCHG16B emulation was added to the instruction emulator, this
restriction on the set of possible operand sizes was relied on in some
parts of the emulation; but a wrong, fully general, operand size value
was used for other parts of the emulation. As a result, if a guest
uses a supposedly-ignored operand size prefix, a small amount of
hypervisor stack data is leaked to the guests: a 96-bit leak to guests
running in 64-bit mode; or, a 32-bit leak to other guests.
A malicious unprivileged guest may be able to obtain sensitive
information from the host.
See also :
Update the affected package.
Risk factor :
Low / CVSS Base Score : 2.1