DEBIAN-CVE-2017-7995

DEBIAN-CVE-2017-7995 PUBLISHED CVSS 3.799999952316284 LOW

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.

Risk Scores

CVSS v3.0

3.799999952316284

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:12	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:11	xen	0, 0, 0
Debian:13	xen	0, 0, 0

Timeline

May 3, 2017 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2017-7995 advisory

Open in Interactive Console →