FreeBSD : xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests (4d7cf654-ba4d-11e6-ae1b-002590263bf5)

medium Nessus Plugin ID 95504

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Xen Project reports :

Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception (#NM) when either CR0.EM or CR0.TS are set. (Their AVX or AVX-512 extensions would consider only CR0.TS.) While during normal operation this is ensured by the hardware, if a guest modifies instructions while the hypervisor is preparing to emulate them, the #NM delivery could be missed.

Guest code in one task may thus (unintentionally or maliciously) read or modify register state belonging to another task in the same VM.

A malicious unprivileged guest user may be able to obtain or corrupt sensitive information (including cryptographic material) in other programs in the same guest.

Solution

Update the affected package.

See Also

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214936

https://xenbits.xen.org/xsa/advisory-190.html

http://www.nessus.org/u?693b7d2b

Plugin Details

Severity: Medium

ID: 95504

File Name: freebsd_pkg_4d7cf654ba4d11e6ae1b002590263bf5.nasl

Version: 3.5

Type: local

Published: 12/5/2016

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Low

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xen-kernel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/4/2016

Vulnerability Publication Date: 10/4/2016

Reference Information

CVE: CVE-2016-7777

IAVB: 2016-B-0149-S