vulnerability
SUSE: CVE-2017-7995: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:P/I:N/A:N) | May 2, 2017 | May 2, 2017 | Jan 26, 2018 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published
May 2, 2017
Added
May 2, 2017
Modified
Jan 26, 2018
Description
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
Solutions
suse-upgrade-xensuse-upgrade-xen-doc-htmlsuse-upgrade-xen-doc-pdfsuse-upgrade-xen-kmp-defaultsuse-upgrade-xen-kmp-paesuse-upgrade-xen-libssuse-upgrade-xen-libs-32bitsuse-upgrade-xen-toolssuse-upgrade-xen-tools-domu
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.