Low severity3.8NVD Advisory· Published May 3, 2017· Updated May 13, 2026

CVE-2017-7995

Description

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Affected products

SUSE S.A./Manager
cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*
SUSE S.A./Manager Proxy
cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*
SUSE S.A./Openstack Cloud
cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*
Novell/Suse Linux Enterprise Point Of Sale
cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*
Novell/Suse Linux Enterprise Server
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*
Xen/Xen
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Range: <=4.2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.htmlnvdThird Party Advisory
www.securityfocus.com/bid/98314nvdThird Party AdvisoryVDB Entry
bugzilla.suse.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.247
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000