CVE-2017-7995

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1033948 Issue Tracking Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html Third Party Advisory
http://www.securityfocus.com/bid/98314 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*
cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:openstack_cloud:5:*:*:*:*:*:*:*

Information

Published : 2017-05-03 12:59

Updated : 2017-05-15 10:45


NVD link : CVE-2017-7995

Mitre link : CVE-2017-7995


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

xen

  • xen

novell

  • suse_linux_enterprise_server
  • suse_linux_enterprise_point_of_sale

suse

  • openstack_cloud
  • manager_proxy
  • manager