CVE-2017-7995
LOW
Xen < 4.2.5 - Information Disclosure via MMIO Range Access Permission Check
Title source: llmDescription
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
References (3)
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98314
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1033948
Third Party Advisory x_refsource_confirm
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html
Scores
CVSS v3
3.8
EPSS
0.0010
EPSS Percentile
27.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (6)
novell/suse_linux_enterprise_point_of_sale
11.0 sp3
novell/suse_linux_enterprise_server
11.0 sp3
suse/manager
2.1
suse/manager_proxy
2.1
suse/openstack_cloud
5
xen/xen
< 4.2.5
Published
May 03, 2017
Tracked Since
Feb 18, 2026