FreeBSD : xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests (4d7cf654-ba4d-11e6-ae1b-002590263bf5)

Low Nessus Plugin ID 95504


The remote FreeBSD host is missing a security-related update.


The Xen Project reports :

Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception (#NM) when either CR0.EM or CR0.TS are set. (Their AVX or AVX-512 extensions would consider only CR0.TS.) While during normal operation this is ensured by the hardware, if a guest modifies instructions while the hypervisor is preparing to emulate them, the #NM delivery could be missed.

Guest code in one task may thus (unintentionally or maliciously) read or modify register state belonging to another task in the same VM.

A malicious unprivileged guest user may be able to obtain or corrupt sensitive information (including cryptographic material) in other programs in the same guest.


Update the affected package.

See Also

Plugin Details

Severity: Low

ID: 95504

File Name: freebsd_pkg_4d7cf654ba4d11e6ae1b002590263bf5.nasl

Version: $Revision: 3.2 $

Type: local

Published: 2016/12/05

Modified: 2016/12/06

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N


Base Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xen-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/12/04

Vulnerability Publication Date: 2016/10/04

Reference Information

CVE: CVE-2016-7777

IAVB: 2016-B-0149