CVE-2017-7995
CVE-2017-7995 is a vulnerability of currently unknown severity. Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Xen | Xen | <= 4.2.5 | — |
| Suse | Manager | 2.1 | — |
| Suse | Manager Proxy | 2.1 | — |
| Suse | Openstack Cloud | 5 | — |
| Novell | Suse Linux Enterprise Point Of Sale | 11.0 | Sp3 |
| Novell | Suse Linux Enterprise Server | 11.0 | Sp3 |
References
- http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html (Third Party Advisory)
- http://www.securityfocus.com/bid/98314 (Third Party Advisory, VDB Entry)
- https://bugzilla.suse.com/show_bug.cgi?id=1033948 (Issue Tracking, Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
