CVE-2017-7995

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-7995

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-7995.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-7995

Related

Published

2017-05-03T19:59:00Z

Modified

2024-09-11T02:00:05Z

Severity

3.8 (Low) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

References

Affected packages

Debian:11 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / xen

Package

Name: xen
Purl: pkg:deb/debian/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}