FreeBSD: VID-4d7cf654-ba4d-11e6-ae1b-002590263bf5 (CVE-2016-7777): xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests

The Xen Project reports: Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception (#NM) when either CR0.EM or CR0.TS are set. (Their AVX or AVX-512 extensions would consider only CR0.TS.) While during normal operation this is ensured by the hardware, if a guest modifies instructions while the hypervisor is preparing to emulate them, the #NM delivery could be missed. Guest code in one task may thus (unintentionally or maliciously) read or modify register state belonging to another task in the same VM. A malicious unprivileged guest user may be able to obtain or corrupt sensitive information (including cryptographic material) in other programs in the same guest.