[3.1] xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (CVE-2016-7777)
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which
allows local x86 HVM guest OS users to read or modify FPU, MMX,
or XMM register state information belonging to arbitrary tasks on the
guest by modifying an instruction while the hypervisor is preparing to
emulate it.
Reference:
http://xenbits.xen.org/xsa/advisory-190.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7777
(from redmine: issue id 6352, created on 2016-10-13, closed on 2017-09-05)
- Relations:
- parent #6347 (closed)