Cryptographic issues in Xen



Updated: 2020-07-28

Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2006-1056
CWE-ID: CWE-310
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Xen (Server applications / Virtualization software)
Vendor: Xen Project

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Cryptographic issues

EUVDB-ID: #VU32664

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2006-1056

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

On AMD64 and other 7th and 8th generation AuthenticAMD processors, the FXSAVE/FXRSTOR instructions only save and restore the FOP, FIP, and FDP x87 registers when an exception is pending. The Linux kernel before 2.6.16.9 and the FreeBSD kernel did not account for this, which allows one process to determine portions of the state of floating point instructions of other processes; this can be leveraged to obtain sensitive information such as cryptographic keys. NOTE: this is the documented behavior of AMD64 processors, but it is inconsistent with Intel processors in a security-relevant fashion that was not addressed by the kernels.

Upgrade to Linux kernel version 2.6.16.9: http://www.kernel.org/

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.24

External links

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc
https://kb.vmware.com/kb/2533126
https://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.9
https://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
https://lwn.net/Alerts/180820/
https://marc.info/?l=linux-kernel&m=114548768214478&w=2
https://secunia.com/advisories/19715
https://secunia.com/advisories/19724
https://secunia.com/advisories/19735
https://secunia.com/advisories/20398
https://secunia.com/advisories/20671
https://secunia.com/advisories/20716
https://secunia.com/advisories/20914
https://secunia.com/advisories/21035
https://secunia.com/advisories/21136
https://secunia.com/advisories/21465
https://secunia.com/advisories/21983
https://secunia.com/advisories/22417
https://secunia.com/advisories/22875
https://secunia.com/advisories/22876
https://security.freebsd.org/advisories/FreeBSD-SA-06:14-amd.txt
https://securitytracker.com/id?1015966
https://support.avaya.com/elmodocs2/security/ASA-2006-180.htm
https://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
https://www.debian.org/security/2006/dsa-1097
https://www.debian.org/security/2006/dsa-1103
https://www.novell.com/linux/security/advisories/2006-05-31.html
https://www.osvdb.org/24746
https://www.osvdb.org/24807
https://www.redhat.com/support/errata/RHSA-2006-0437.html
https://www.redhat.com/support/errata/RHSA-2006-0575.html
https://www.redhat.com/support/errata/RHSA-2006-0579.html
https://www.securityfocus.com/archive/1/431341
https://www.securityfocus.com/archive/1/451404/100/0/threaded
https://www.securityfocus.com/archive/1/451417/100/200/threaded
https://www.securityfocus.com/archive/1/451419/100/200/threaded
https://www.securityfocus.com/archive/1/451421/100/0/threaded
https://www.securityfocus.com/bid/17600
https://www.ubuntu.com/usn/usn-302-1
https://www.vmware.com/download/esx/esx-213-200610-patch.html
https://www.vmware.com/download/esx/esx-254-200610-patch.html
https://www.vupen.com/english/advisories/2006/1426
https://www.vupen.com/english/advisories/2006/1475
https://www.vupen.com/english/advisories/2006/2554
https://www.vupen.com/english/advisories/2006/4353
https://www.vupen.com/english/advisories/2006/4502
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187910
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187911
https://exchange.xforce.ibmcloud.com/vulnerabilities/25871
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9995


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


