CVE-2016-7777
Publication date 7 October 2016
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.
Status
Package | Ubuntu Release | Status |
---|---|---|
xen | 16.04 LTS xenial | Fixed 4.6.0-1ubuntu4.2 |
xen | 14.04 LTS trusty | Fixed 4.4.2-0ubuntu0.14.04.7 |
Notes
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.3 · Medium |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N |