CVE-2016-7777
Gentoo Linux Security Advisory 201611-09
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
Xen 4.7.x y versiones anteriores no respeta adecuadamente CR0.TS y CR0.EM, lo que permite a usuarios locales x86 HVM del SO invitado leer o modificar información del estado de registro FPU, MMX o XMM que pertenece a tareas arbitrarias en el invitado modificando una instrucción mientras que el hipervisor se prepara para emularlo.
Multiple vulnerabilities have been found in Xen, the worst of which allows gaining of privileges on the host system. Versions less than 4.6.3-r3 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-09-09 CVE Reserved
- 2016-10-07 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/93344 | Third Party Advisory | |
| http://www.securitytracker.com/id/1036942 | Third Party Advisory | |
| https://support.citrix.com/article/CTX217363 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://xenbits.xen.org/xsa/advisory-190.html | 2017-07-01 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/201611-09 | 2017-07-01 |