Vulnerability CVE-2017-7995


Published: 2017-05-03

Description:
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

CVSS2 => (AV:L/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score: 1.7/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.1/10

Exploit range: Local
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
XEN -> XEN 
SUSE -> Openstack cloud 
SUSE -> Manager 
SUSE -> Manager proxy 
Novell -> Suse linux enterprise point of sale 
Novell -> Suse linux enterprise server 

 References:
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html
http://www.securityfocus.com/bid/98314
https://bugzilla.suse.com/show_bug.cgi?id=1033948

Copyright 2022, cxsecurity.com
