CVE-2017-7995

Summary

CVE	CVE-2017-7995
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-05-03 19:59:00 UTC
Updated	2017-05-15 17:45:00 UTC
Description	Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Risk And Classification

Problem Types: CWE-200

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Novell	Suse Linux Enterprise Point Of Sale	11.0	sp3	All	All
Operating System	Novell	Suse Linux Enterprise Point Of Sale	11.0	sp3	All	All
Operating System	Novell	Suse Linux Enterprise Server	11.0	sp3	All	All
Operating System	Novell	Suse Linux Enterprise Server	11.0	sp3	All	All
Application	Suse	Manager	2.1	All	All	All
Application	Suse	Manager	2.1	All	All	All
Application	Suse	Manager Proxy	2.1	All	All	All
Application	Suse	Manager Proxy	2.1	All	All	All
Application	Suse	Openstack Cloud	5	All	All	All
Application	Suse	Openstack Cloud	5	All	All	All
Operating System	Xen	Xen	All	All	All	All

References

Reference	Source	Link	Tags
Bug 1033948 – VUL-0: CVE-2017-7995: xen: access-before-verification vulnerability in old Xen	CONFIRM	bugzilla.suse.com	Issue Tracking, Third Party Advisory, VDB Entry
Xen CVE-2017-7995 Information Disclosure Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
[security-announce] SUSE-SU-2017:1146-1: important: Security update for	CONFIRM	lists.opensuse.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.