CVE-2017-7995
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
Known Affected Software
45 configuration(s) from 3 vendor(s)
suse_linux_enterprise_server
Version:
11.0
CPE:
cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
suse_linux_enterprise_point_of_sale
Version:
11.0
CPE:
cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*
manager
Version:
2.1
CPE:
cpe:2.3:o:suse:manager:2.1:*:*:*:*:*:*:*
openstack_cloud
Version:
5
CPE:
cpe:2.3:o:suse:openstack_cloud:5:*:*:*:*:*:*:*
manager_proxy
Version:
2.1
CPE:
cpe:2.3:o:suse:manager_proxy:2.1:*:*:*:*:*:*:*
xen
Version:
4.0.2
CPE:
cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:x86:*
xen
Version:
4.2.2
CPE:
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:x86:*
xen
Version:
4.1.4
CPE:
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:x86:*
xen
Version:
4.0.1
CPE:
cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:x86:*
xen
Version:
4.1.2
CPE:
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:x86:*
xen
Version:
2.0
CPE:
cpe:2.3:a:xen:xen:2.0:*:*:*:*:*:*:*
xen
Version:
3.0.2
CPE:
cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*
xen
Version:
4.1.5
CPE:
cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:x86:*
xen
Version:
3.2.0
CPE:
cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:x86:*
xen
Version:
3.4.1
CPE:
cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*
xen
Version:
4.1.3
CPE:
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:x86:*
xen
Version:
4.1.0
CPE:
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:x86:*
xen
Version:
4.2.4
CPE:
cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:arm:*
xen
Version:
3.2.3
CPE:
cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
xen
Version:
4.1.6.1
CPE:
cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:arm:*
xen
Version:
4.2.3
CPE:
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:arm:*
xen
Version:
3.3.2
CPE:
cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*
xen
Version:
3.3.0
CPE:
cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
xen
Version:
4.1.1
CPE:
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:x86:*
xen
Version:
3.1.4
CPE:
cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*
xen
Version:
3.3.1
CPE:
cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*
xen
Version:
3.4.3
CPE:
cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*
xen
Version:
3.1.3
CPE:
cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*
xen
Version:
4.2.0
CPE:
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:x86:*
xen
Version:
4.0.0
CPE:
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:x86:*
xen
Version:
3.1.2
CPE:
cpe:2.3:a:xen:xen:3.1.2:*:*:*:*:*:*:*
xen
Version:
3.2
CPE:
cpe:2.3:a:xen:xen:3.2:*:*:*:*:*:*:*
xen
Version:
4.2.5
CPE:
cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:arm:*
xen
Version:
3.0.3
CPE:
cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*
xen
Version:
4.0.3
CPE:
cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:x86:*
xen
Version:
3.2.2
CPE:
cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
xen
Version:
3.4.2
CPE:
cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*
xen
Version:
3.4.0
CPE:
cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*
xen
Version:
3.2.1
CPE:
cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
xen
Version:
4.2.1
CPE:
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:x86:*
xen
Version:
2.2.0
CPE:
cpe:2.3:o:xen:xen:2.2.0:*:*:*:*:*:*:*
xen
Version:
3.4.4
CPE:
cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*
xen
Version:
4.0.4
CPE:
cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:x86:*
xen
Version:
4.1.6
CPE:
cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*
xen
Version:
3.0.4
CPE:
cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*
This vulnerability affects 45 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.htmlcve@mitre.org Third Party Advisory
-
http://www.securityfocus.com/bid/98314cve@mitre.org Third Party Advisory VDB Entry
-
https://bugzilla.suse.com/show_bug.cgi?id=1033948cve@mitre.org Issue Tracking Third Party Advisory VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108 Third Party Advisory
-
http://www.securityfocus.com/bid/98314af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
-
https://bugzilla.suse.com/show_bug.cgi?id=1033948af854a3a-2127-422b-91ae-364da2661108 Issue Tracking Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- Description
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- Exploit Likelihood
- High
- Typical Severity
- Medium
- Abstraction Level
- Class
Key Information
- Published Date
- May 03, 2017
